In order to meet the requirements of both standards, all the parties involved in product development must demonstrate a high level of process maturity in their software development activities. In the automotive industry, this is covered by ASPICE, which stands for “Automotive Software Process Improvement and Capability Determination”. This is an evaluation of the maturity level of software development processes which have since been expanded to include elements of relevance to cyber security. ASPICE can be used to assess, compare and improve the quality of software development in the automotive industry. Processes that influence software development, such as the interaction of software, hardware and mechanical components in a mechatronic system, are also taken into account.
Compliance with UNECE (United Nations Economic Commission for Europe) Regulation No. 155 requires that car manufacturers harmonize and as far as possible combine their cyber security, functional safety and software development specifications, both in house and throughout their supply chains.
By bringing the three areas of expertise together in the Cyber Security Hub, DEKRA has created an outstanding basis for supporting vehicle manufacturers in efficiently complying with the UN Regulation and enabling suppliers to comply with the corresponding international standards in this regard.