Driving ahead with Automotive Compliance

More than a hundred million lines of code. That’s what goes into the design and manufacturing of today’s vehicles. Our cars have become so incredibly software-driven in recent years that the only thing more complex may be the people who operate them.

Seizing on the advanced capabilities of the Internet of Things (IoT), Artificial Intelligence (AI) and machine learning, automotive engineering is changing the automotive industry in ways that were once unimaginable.

Self-driving cars make navigational decisions. Computerized systems detect future failures. Controls adapt to the user’s preferences. Accurate, real-time geospatial information streams into the cockpit. Infotainment systems rival those in the home. And beneath the hood, new hybrid or electric motors promise greener and sustainable alternate vehicles. Under this advanced technology, is another layer of sophisticated software that operates and synchronizes every function.

As you would imagine, the development of these automotive engineering advancements has precipitated the need for tougher industry standards. Standards that span process, safety, and emerging AI/Over-the-Air (OTA’s) updates. Adherence to standards such as Automotive SPICE (Automotive Software Performance Improvement and Capability dEtermination) – commonly known as ASPICE – is now not only advised, but has become a mandate. This presents a challenge to automotive engineers throughout the world. How do you comply with exponentially increasing sets of standards, created by numerous governing bodies, with requirements that could make your products prohibitively expensive?

Data drives automotive processes

• Connected cars process up to 25 gigabytes of data per hour¹
• Car software may be over 100 million lines of code²
• Connected car market is predicted to reach more than USD 219 billion by 2025³

The route requires a new map

• 50% of automotive executives say that digital reinvention is required to succeed—or even survive—today and in the future⁴
• 72% of automotive companies surveyed say innovation is one of the most important attributes for defining their competitive advantage⁴
• 74% of automotive organizations apply AI to uncover new insights⁴

See how Mercedes-Benz underwent digital transformation to automate processes amid growing complexity.

After a century of accelerated technological innovation and profound changes in consumer expectations, automobiles have become high-efficiency, multipurpose commodities, powered by sophisticated software. Features that were once unimaginable are quickly becoming commonplace: electric and hybrid motors, advanced sensors, modular systems, infotainment systems and personalized settings. What’s next is anybody’s guess.

With all these integrated systems, and their interconnectivity inside and outside the vehicle, more things can go wrong. And when a system malfunctions, it can do so with catastrophic results. Just read the headlines when new technology fails and you’ll see how devastating it can be. Failure is not only problematic for the driver and others on the roads, but also to automotive progress which is brought to a screeching halt when critical safety errors occur.

When an entire industry can be impacted by a single, serious incident, compliance becomes imperative

Automotive industry standards help ensure clear communication throughout the product lifecycle. The traceability that standards require help product designers, engineers and testers to confidently develop and introduce safer, more reliable vehicles. These standards also ensure that the data created, captured, stored and communicated to and from these vehicles is not only accurate, but properly managed — and the electronics and communications systems they power are private and secure.

The standards now being introduced, adopted and in some cases mandated, apply not only to auto manufacturers, but to their suppliers as well.

You’re only as good as your worst supplier

Figure 1. Changes in technology lead to a new ecosystem of suppliers

All it takes is one unforeseen problem to bring your business to a crashing halt. So if you’re manufacturing a car with 30,000 parts, and 100 million lines of code – coming from 40 different suppliers – you’ve got a lot of opportunity for error. You can’t help but be awed by the enormity of the automotive supply chain. And you can readily envision how easy it could be for any manufacturer to inadvertently put itself in peril.

New electronic components that increase risk include

• Control systems
• Collision avoidance
• Adaptive cruise control
• Lane-keeping assistance
• Vehicle-to-vehicle communication
• Hands-off steering

Automotive pundits and legal experts urge suppliers to adhere to industry standards (ASPICE, ISO 26262, UNECE WP.29/R155, ISO/SAE 21434) and to be extremely attentive to the responsibilities that their original equipment manufacturers (OEMs) accept for testing, handling warranty claims and determining the root causes of failures.

Experts in the automotive industry urge manufacturers to create a trusted partner ecosystem that collaborates, tests and refines products from inception through the vehicle lifecycle. Only by engaging with trusted suppliers who adhere to industry standards can any organization be assured that their processes and products meet stringent guidelines for safety, security, quality and performance.

Compliance can be your competitive advantage

Adopting standards like ISO 26262 for safety, ISO 21434 for security, and ASPICE which help establish a framework for measuring process quality can help deliver higher product quality and development efficiency.

IBM’s approach is to integrate these compliance frameworks across the development processes in order to optimize adherence. IBM is committed to grow and augment solution capabilities for helping with compliance as the industry standards grow and mature. This means reduced risk, lower costs, greater sales and stronger brand loyalty.

Figure 2. Potential cost to address problems increases the later they are discovered in development process.

Safety

An IBM Institute for Business Value study indicated that safety is a top consumer concern. Process standards such as ASPICE and ISO 26262 help improve safety. 68% of executives identify safety as a brand differentiator for autonomous vehicles.¹

Security

The ISO 21434 standard helps improve security and an IBM Institute for Business Value consumer study revealed that 57% of consumers said they would consider one brand over another if it had better security and privacy.¹

ASPICE is an extendable process assessment model focused on software development. ASPICE incorporates both governance — which is maintained by automotive companies — and assessment — which requires that projects follow system and engineering best practices. It guides the processes for the development, integration, collaboration and testing of a vehicle and establishes six levels of capability – and the criteria for each level of achievement. It also defines how a process will be assessed.

What are ASPICE capability levels?

IBM Engineering Lifecycle Management (ELM) provides essential assets which help engineering teams achieve their selected assessment level of the ASPICE standard. ELM functions neatly overlay the different ASPICE process groups as outlined below.

The final product is only as good as its components

The adoption of ASPICE is moving beyond OEMs into the expansive realm of their partners and suppliers. Collaboration and transparency between organizations throughout the process are paramount to meet an assessment level. Suppliers must demonstrate they meet the required ASPICE assessment level to remain in the manufacturer’s ecosystem. And unless a supplier can prove adherence to the assessment level, they will not be invited to submit bids.

Unlike many standards that cover the activities of the entire organization, ASPICE is specific to individual processes. It serves as an overarching framework working in the context with other automotive standards such as UNECE WP.29/R155, ISO26262 and ISO21434 — and requires a tremendous amount of commitment to achieve compliance. IBM ELM integrates templates and processes into the development lifecycle to assist product engineering teams embrace the compliance standard as part of their normal engineering work.

ISO26262 is the current ISO standard for safety relevant electronic and electric (E/E) systems in passenger cars. As the innovation and optimization of electrical and electronic vehicle architectures has increased rapidly in the last three decades so has the focus on guaranteeing the functional safety of the subsystems and systems in production. The diagram below provides an overview of the growing number of electrical/electronic features in the modern automobile which can potentially affect the safety of the vehicle.

IBM Engineering embraces the ISO26262 standard across the engineering processes to help enable automotive safety in the development lifecycle. IBM ELM helps engineering teams to identify and assess safety risks, categorize these risks based on their criticality factor under the Automotive Safety Integrity Level (ASIL) under ISO26262. These safety classifications help:

• Establish various safety requirements to mitigate the risks to acceptable levels
• Smoothly manage and track these safety requirements
• Ensure that standardized safety procedures have been followed in the delivered product

The ISO26262 enablement within the IBM ELM portfolio helps provide proper requirements management, design, and quality management practices. IBM ELM provides full traceability across all assets and work products, originating from requirements enabling change and configuration management to drive improvement around collecting process and operational information. IBM ELM also helps with accountability and progress reporting including the audit trail for work products and process.

The 10 parts of ISO26262 supported with the IBM ELM portfolio

IBM provides a set of best practices to help organizations develop products that must comply with the ISO-26262 functional safety standard. The scope of these practices convers the areas that are described by ISO-26262, relating to management of functional safety, concept, system engineering, and software development. They have been developed to support the incremental adoption of process, practices and tools, thereby reducing the time to value for process improvement initiatives.

Drilling down a little deeper we can outline exactly how IBM ELM facilitates complying with the ISO26262 standard in the following manner:

• Verification and verification planning (Engineering Test Management)
  • Lot of emphasis on validation and verification of systems, hardware and software
  • Level and type of test dependent upon ASIL of element to be developed
  • Integrations with National Instruments Veristand
  • ISO26262 process template
  • Work going on with ETAS on HW-SW integration with EWM
    
    
• Production and operation
  • New technology in the form of Internet of Things
  • Big Data and Analytics
    
    
• Turning data into information (ELO –Engineering Insights)
  • Collaborative environment and team working
  • Potentially across OEM-supplier boundaries
  • View information existing in different tools via OSLC integrations
    • Siemens Capital
    • National Instruments
    • Jira
      
      
• Customise views on information

IBM ELM can help automotive companies streamline compliance to the UNECE WP.29/ R155 and ISO/SAE 21434 for cybersecurity by enabling development teams to perform TARA for cybersecurity risk assessment and manage product development leveraging advanced engineering practices.

The ELM enablement guides your teams on how to work across threat analysis, requirements, architecture, testing, and workflow given a linked information model that integrates industry standards and vocabulary. A common information model simplifies the process of traceability by using prescriptive guidance to establish these defined relationships. This process enables a set of reports that validate coverage and gaps within these links, identifying compliance state and work item progress to predict release readiness.

ELM helps teams implement best practices from the real world. Its content is developed in accordance with ongoing industry transformation, combining established agile process frameworks with an industry regulation-oriented design. The solution provides a more flexible and responsive working model by translating agile patterns into a usable implementation, enabling automotive companies to accelerate and transform their development processes.

The ready-to-use, built-in process guidance enables engineering teams to establish standardized processes across departments and companies, which helps reduce the time that teams need to define mature processes in vehicle systems engineering and development. This results in less time and costs required to achieve compliance and greater acceptance among development teams.

By implementing cybersecurity standards into ELM the clients can achieve the following benefits:

IBM wanted to help make achieving compliance easier, so we introduced a simple way to leverage the capabilities of ELM when implementing varied industry standards across your development lifecycle with the Engineering Lifecycle Management (ELM) Automotive Compliance solution, an integrated portfolio of engineering management capabilities, to help automotive companies create products more efficiently.

With the IBM ELM Automotive Compliance solution, automotive manufacturers and suppliers can more easily address the complex and comprehensive standard defined by ASPICE, as well as streamline adherence to UNECE WP.29/R155, ISO 26262, and ISO/SAE 21434 by helping their development teams perform threat assessment, remediation analysis, and product development for cybersecurity. It allows for digital requirements management, test management, systems design, and agile tracking to help organizations achieve automotive industry assessment level and compliance across these various standards.

To create this solution, IBM worked diligently with industry experts, including ASPICE assessors and practitioner committees. IBM ELM Automotive Compliance is delivered as a set of flexibly customizable artifacts which can be deployed into IBM ELM. The solution contains three types of assets:

• Process guidance on how to perform activities recommended in ASPICE, ISO 26262 and ISO/SAE 21434 using the IBM ELM Automotive Compliance solution
• Templates to setup project areas which makes it easy and efficient teams to follow the processes and comply with requirements of various standards
• Reports to track progress and compliance status of projects

The offering can be deployed and tailored by customers personnel, IBM Services or any other IBM partner who has experience in tool roll out and the automotive industry.

IBM accelerates automotive industry compliance in five different ways

• Simplifies assessment level and compliance with industry standards by providing repeatable patterns as templates.
• Harmonizes customer processes with industry standards and support them using accelerators.
• Integrates with compliance tools and connects IBM customers with industry experts.
• Allows for collaboration with mature practitioners to align compliance support with market demand.
• Provides insights about industry challenges and best practices.

IBM building blocks approach to modern automotive engineering

For over a century now, automotive manufacturers and IBM have not only embraced innovation, but have driven it. Together, we have changed how the world thinks and moves, while always driving forward.