Scenic view of road by mountains against sky
Driving ahead with Automotive Compliance


4 min read

Where the rubber meets the road

More than a hundred million lines of code. That’s what goes into the design and manufacturing of today’s vehicles. Our cars have become so incredibly software-driven in recent years that the only thing more complex may be the people who operate them.

Seizing on the advanced capabilities of the Internet of Things (IoT), Artificial Intelligence (AI) and machine learning, automotive engineering is changing the automotive industry in ways that were once unimaginable.

Self-driving cars make navigational decisions. Computerized systems detect future failures. Controls adapt to the user’s preferences. Accurate, real-time geospatial information streams into the cockpit. Infotainment systems rival those in the home. And beneath the hood, new hybrid or electric motors promise greener and sustainable alternate vehicles. Under this advanced technology, is another layer of sophisticated software that operates and synchronizes every function.

As you would imagine, the development of these automotive engineering advancements has precipitated the need for tougher industry standards. Standards that span process, safety, and emerging AI/Over-the-Air (OTA’s) updates. Adherence to standards such as Automotive SPICE (Automotive Software Performance Improvement and Capability dEtermination) – commonly known as ASPICE – is now not only advised, but has become a mandate. This presents a challenge to automotive engineers throughout the world. How do you comply with exponentially increasing sets of standards, created by numerous governing bodies, with requirements that could make your products prohibitively expensive?

Data drives automotive processes

  • Connected cars process up to 25 gigabytes of data per hour1
  • Car software may be over 100 million lines of code2
  • Connected car market is predicted to reach more than USD 219 billion by 20253

The route requires a new map

  • 50% of automotive executives say that digital reinvention is required to succeed—or even survive—today and in the future4
  • 72% of automotive companies surveyed say innovation is one of the most important attributes for defining their competitive advantage4
  • 74% of automotive organizations apply AI to uncover new insights4

See how Mercedes-Benz underwent digital transformation to automate processes amid growing complexity.

1 Felix Richter, Big Data on Wheels, statista, February 2017.
2 Robert N. Charette, This Car Runs on Code, IEEE Spectrum, February 2009.
4 Automotive 2030: Racing towards a digital future, IBM Institute for Business Value, November 2020


5 min read

Compliance in the automotive industry

After a century of accelerated technological innovation and profound changes in consumer expectations, automobiles have become high-efficiency, multipurpose commodities, powered by sophisticated software. Features that were once unimaginable are quickly becoming commonplace: electric and hybrid motors, advanced sensors, modular systems, infotainment systems and personalized settings. What’s next is anybody’s guess.

Any customer can have a car painted any color that he wants so long as it is black. ”
– Henry Ford

With all these integrated systems, and their interconnectivity inside and outside the vehicle, more things can go wrong. And when a system malfunctions, it can do so with catastrophic results. Just read the headlines when new technology fails and you’ll see how devastating it can be. Failure is not only problematic for the driver and others on the roads, but also to automotive progress which is brought to a screeching halt when critical safety errors occur.

When an entire industry can be impacted by a single, serious incident, compliance becomes imperative

Automotive industry standards help ensure clear communication throughout the product lifecycle. The traceability that standards require help product designers, engineers and testers to confidently develop and introduce safer, more reliable vehicles. These standards also ensure that the data created, captured, stored and communicated to and from these vehicles is not only accurate, but properly managed — and the electronics and communications systems they power are private and secure.

The standards now being introduced, adopted and in some cases mandated, apply not only to auto manufacturers, but to their suppliers as well.

You’re only as good as your worst supplier

Electric motors, power electronics, advanced batteries
IoT Hardware
Advanced sensors, corner modules
Industrial design
Advanced user interfaces, modular bodies
Autonomous driving
Advanced central operating system with self-driving capabilities

Figure 1. Changes in technology lead to a new ecosystem of suppliers

All it takes is one unforeseen problem to bring your business to a crashing halt. So if you’re manufacturing a car with 30,000 parts, and 100 million lines of code – coming from 40 different suppliers – you’ve got a lot of opportunity for error. You can’t help but be awed by the enormity of the automotive supply chain. And you can readily envision how easy it could be for any manufacturer to inadvertently put itself in peril.

New electronic components that increase risk include

  • Control systems
  • Collision avoidance
  • Adaptive cruise control
  • Lane-keeping assistance
  • Vehicle-to-vehicle communication
  • Hands-off steering

Automotive pundits and legal experts urge suppliers to adhere to industry standards (ASPICE, ISO 26262, UNECE WP.29/R155, ISO/SAE 21434) and to be extremely attentive to the responsibilities that their original equipment manufacturers (OEMs) accept for testing, handling warranty claims and determining the root causes of failures.

Experts in the automotive industry urge manufacturers to create a trusted partner ecosystem that collaborates, tests and refines products from inception through the vehicle lifecycle. Only by engaging with trusted suppliers who adhere to industry standards can any organization be assured that their processes and products meet stringent guidelines for safety, security, quality and performance.

Compliance can be your competitive advantage

Adopting standards like ISO 26262 for safety, ISO 21434 for security, and ASPICE which help establish a framework for measuring process quality can help deliver higher product quality and development efficiency.

IBM’s approach is to integrate these compliance frameworks across the development processes in order to optimize adherence. IBM is committed to grow and augment solution capabilities for helping with compliance as the industry standards grow and mature. This means reduced risk, lower costs, greater sales and stronger brand loyalty.

Figure 2. Potential cost to address problems increases the later they are discovered in development process.


An IBM Institute for Business Value study indicated that safety is a top consumer concern. Process standards such as ASPICE and ISO 26262 help improve safety. 68% of executives identify safety as a brand differentiator for autonomous vehicles.1


The ISO 21434 standard helps improve security and an IBM Institute for Business Value consumer study revealed that 57% of consumers said they would consider one brand over another if it had better security and privacy.1



4 min read

IBM Engineering Lifecycle Management and ASPICE

ASPICE is an extendable process assessment model focused on software development. ASPICE incorporates both governance — which is maintained by automotive companies — and assessment — which requires that projects follow system and engineering best practices. It guides the processes for the development, integration, collaboration and testing of a vehicle and establishes six levels of capability – and the criteria for each level of achievement. It also defines how a process will be assessed.

What are ASPICE capability levels?

Processes are not only consistent enough to be predicable, but the supplier is mature enough to be able to optimize their processes.
A supplier must have been executing processes consistently enough and long enough that performance can be predicted.
Development processes are well established, documented and have been followed across the supplier for a period of time.
Development processes are established, documented and followed across the organization. The supplier is prepared to implement and support its products.
Safety-critical development processes are complete and have been documented.
Development processes and the products themselves are incomplete and/or have not been documented.

IBM Engineering Lifecycle Management (ELM) provides essential assets which help engineering teams achieve their selected assessment level of the ASPICE standard. ELM functions neatly overlay the different ASPICE process groups as outlined below.

ASPICE process groups chart
IBM ELM solution elements aligned with ASPICE process groups.

The final product is only as good as its components

The adoption of ASPICE is moving beyond OEMs into the expansive realm of their partners and suppliers. Collaboration and transparency between organizations throughout the process are paramount to meet an assessment level. Suppliers must demonstrate they meet the required ASPICE assessment level to remain in the manufacturer’s ecosystem. And unless a supplier can prove adherence to the assessment level, they will not be invited to submit bids.

Unlike many standards that cover the activities of the entire organization, ASPICE is specific to individual processes. It serves as an overarching framework working in the context with other automotive standards such as UNECE WP.29/R155, ISO26262 and ISO21434 — and requires a tremendous amount of commitment to achieve compliance. IBM ELM integrates templates and processes into the development lifecycle to assist product engineering teams embrace the compliance standard as part of their normal engineering work.


4 min read

IBM Engineering Lifecycle Management and ISO26262

ISO26262 is the current ISO standard for safety relevant electronic and electric (E/E) systems in passenger cars. As the innovation and optimization of electrical and electronic vehicle architectures has increased rapidly in the last three decades so has the focus on guaranteeing the functional safety of the subsystems and systems in production. The diagram below provides an overview of the growing number of electrical/electronic features in the modern automobile which can potentially affect the safety of the vehicle.

Electric and electric systems

illustration of a car

Active exhaust

Active suspension

Active vibration control

Adaptive cruise control

Adaptive front lighting

Airgbag deployement

Automatic braking

Battery management

Engine control

Event data recorder

Heads up display

Instrument cluster

Lane control

Lane correction

Navigation system

Night vision

Parking system

Security system

Stability control

Voice/data communications


IBM Engineering embraces the ISO26262 standard across the engineering processes to help enable automotive safety in the development lifecycle. IBM ELM helps engineering teams to identify and assess safety risks, categorize these risks based on their criticality factor under the Automotive Safety Integrity Level (ASIL) under ISO26262. These safety classifications help:

  • Establish various safety requirements to mitigate the risks to acceptable levels
  • Smoothly manage and track these safety requirements
  • Ensure that standardized safety procedures have been followed in the delivered product

The ISO26262 enablement within the IBM ELM portfolio helps provide proper requirements management, design, and quality management practices. IBM ELM provides full traceability across all assets and work products, originating from requirements enabling change and configuration management to drive improvement around collecting process and operational information. IBM ELM also helps with accountability and progress reporting including the audit trail for work products and process.

The 10 parts of ISO26262 supported with the IBM ELM portfolio

Parts of ISO 26262
Supported with IBM ELM portfolio
DOORS / DOORS Next glossary
Management of functional safety
Engineering workflow management (EWM), ELO - Method Composer
Concept phase
DOORS / DOORS Next, System design, Rhapsody / RMM
Product development on system level
DOORS / DOORS Next, Rhapsody / RMM, ETM (test def.) / ETM (test results)
Hardware development
DOORS / DOORS Next, Rhapsody / RMM, ETM, 3rd party tools (mentor)
Software development
DOORS / DOORS Next, Rhapsody / RMM, ETM
Production and operation
IoT connection service, Vehicle insights, 3rd party integration to PLM
Supporting processes
Change management (EWM), Configuration management (EWM), Requirements management (DOORS / DOORS Next), Reporting and metrics EWM dashboard, JRS, ELO - Publishing, ELO - Engineering Insights
ASIL-oriented and safety related analysis
Safety requirements (DOORS / DOORS Next), Rhapsody (dependability profile), 3rd party tools
Guidelines on 26262 (informative)
ELO - Method Composer

IBM provides a set of best practices to help organizations develop products that must comply with the ISO-26262 functional safety standard. The scope of these practices convers the areas that are described by ISO-26262, relating to management of functional safety, concept, system engineering, and software development. They have been developed to support the incremental adoption of process, practices and tools, thereby reducing the time to value for process improvement initiatives.

Drilling down a little deeper we can outline exactly how IBM ELM facilitates complying with the ISO26262 standard in the following manner:

  • Verification and verification planning (Engineering Test Management)
    • Lot of emphasis on validation and verification of systems, hardware and software
    • Level and type of test dependent upon ASIL of element to be developed
    • Integrations with National Instruments Veristand
    • ISO26262 process template
    • Work going on with ETAS on HW-SW integration with EWM

  • Production and operation
    • New technology in the form of Internet of Things
    • Big Data and Analytics

  • Turning data into information (ELO –Engineering Insights)
    • Collaborative environment and team working
    • Potentially across OEM-supplier boundaries
    • View information existing in different tools via OSLC integrations
      • Siemens Capital
      • National Instruments
      • Jira

  • Customise views on information


4 min read

IBM Engineering Lifecycle Management and UNECE WP 29, ISO/SAE 21434

IBM ELM can help automotive companies streamline compliance to the UNECE WP.29/ R155 and ISO/SAE 21434 for cybersecurity by enabling development teams to perform TARA for cybersecurity risk assessment and manage product development leveraging advanced engineering practices.

The ELM enablement guides your teams on how to work across threat analysis, requirements, architecture, testing, and workflow given a linked information model that integrates industry standards and vocabulary. A common information model simplifies the process of traceability by using prescriptive guidance to establish these defined relationships. This process enables a set of reports that validate coverage and gaps within these links, identifying compliance state and work item progress to predict release readiness.

ELM helps teams implement best practices from the real world. Its content is developed in accordance with ongoing industry transformation, combining established agile process frameworks with an industry regulation-oriented design. The solution provides a more flexible and responsive working model by translating agile patterns into a usable implementation, enabling automotive companies to accelerate and transform their development processes.

The ready-to-use, built-in process guidance enables engineering teams to establish standardized processes across departments and companies, which helps reduce the time that teams need to define mature processes in vehicle systems engineering and development. This results in less time and costs required to achieve compliance and greater acceptance among development teams.

By implementing cybersecurity standards into ELM the clients can achieve the following benefits:

Get a process-wide concept that explains how threat analysis, requirements, architecture, testing, and workflow work well together.
Get a ready-to-use generic engineering process that can be customized. Defining the process is an important part of satisfying the compliance requirements for process maturity.
Get a set of reports that can be used to identify compliance state and where they currently have gaps in traceability or in terms of work item progress.
Get templates that meet assessors’ expectations for process maturity regarding the structuring of requirements and the minimum information that needs to be managed.
Have an asset that helps them to promote the tool landscape internally for an automotive audience. The terminology used in the offering is the terminology used by automotive companies to structure their organization internally. Using the same language lowers the adoption and endorsement hurdle for internal champions.


Cybersecurity in emerging automotive technology

Potential attack points:

Operating system   Private data   Key certificates   Browser   ECU   HMI

Malicious activities

Mobile/remote access

External data media

Man-in-the-middle attack

Compromised actuator

Key/certificate store

User Data Spying

Firmware update

Software vulnerabilities


4 min read

IBM Engineering Lifecycle Management Automotive Compliance solution

IBM wanted to help make achieving compliance easier, so we introduced a simple way to leverage the capabilities of ELM when implementing varied industry standards across your development lifecycle with the Engineering Lifecycle Management (ELM) Automotive Compliance solution, an integrated portfolio of engineering management capabilities, to help automotive companies create products more efficiently.

With the IBM ELM Automotive Compliance solution, automotive manufacturers and suppliers can more easily address the complex and comprehensive standard defined by ASPICE, as well as streamline adherence to UNECE WP.29/R155, ISO 26262, and ISO/SAE 21434 by helping their development teams perform threat assessment, remediation analysis, and product development for cybersecurity. It allows for digital requirements management, test management, systems design, and agile tracking to help organizations achieve automotive industry assessment level and compliance across these various standards.

To create this solution, IBM worked diligently with industry experts, including ASPICE assessors and practitioner committees. IBM ELM Automotive Compliance is delivered as a set of flexibly customizable artifacts which can be deployed into IBM ELM. The solution contains three types of assets:

  • Process guidance on how to perform activities recommended in ASPICE, ISO 26262 and ISO/SAE 21434 using the IBM ELM Automotive Compliance solution
  • Templates to setup project areas which makes it easy and efficient teams to follow the processes and comply with requirements of various standards
  • Reports to track progress and compliance status of projects

The offering can be deployed and tailored by customers personnel, IBM Services or any other IBM partner who has experience in tool roll out and the automotive industry.

IBM accelerates automotive industry compliance in five different ways

  • Simplifies assessment level and compliance with industry standards by providing repeatable patterns as templates.
  • Harmonizes customer processes with industry standards and support them using accelerators.
  • Integrates with compliance tools and connects IBM customers with industry experts.
  • Allows for collaboration with mature practitioners to align compliance support with market demand.
  • Provides insights about industry challenges and best practices.

IBM building blocks approach to modern automotive engineering

For over a century now, automotive manufacturers and IBM have not only embraced innovation, but have driven it. Together, we have changed how the world thinks and moves, while always driving forward.

ELM - IBM Engineering Lifecycle Management
Sophisticated capabilities for systems engineering
Compliance - Industry Compliance for Automotive
Customization and reporting for ASPICE & ISO-26262
Agile Method Content
Safe process and customization for agile organizations
Customer Process Alignment
Services for tailoring, provisioning and enablement