



# Hardware SPICE

| Version Control |                           |
|-----------------|---------------------------|
| Version:        | 2.0                       |
| Release date:   | Dec 18 <sup>th</sup> 2020 |
| Distribution    | Public                    |
| Status          | Released                  |



### Content

| 1      | Documen     | t Scope                                                                   | 4  |
|--------|-------------|---------------------------------------------------------------------------|----|
|        | 1.1         | Contributors                                                              | 4  |
|        | 1.2         | Trademarks                                                                | 4  |
|        | 1.3         | Copyright Notice                                                          | 4  |
|        | 1.4         | Document History                                                          | 5  |
|        | 1.5         | Distribution of This Document                                             | 5  |
|        | 1.6         | Change Request Handling                                                   | 5  |
|        | 1.7         | References                                                                | 5  |
|        | 1.8         | Terms, Definitions, and Abbreviations                                     | 7  |
| 2      | Introductio | on                                                                        | 11 |
|        | 2.1         | Purpose                                                                   | 11 |
|        | 2.2         | Scope                                                                     | 11 |
|        | 2.3         | Community of Interest                                                     | 12 |
|        | 2.4         | Automotive SPICE® plug-in candidate vs. standalone use                    | 12 |
| 3      | Key Conc    | epts                                                                      | 13 |
|        | 3.1         | Recollection – Understanding of a PRM                                     | 13 |
|        | 3.2         | Rationales, General                                                       | 15 |
|        | 3.3         | Rationales for HWE.1                                                      | 16 |
|        | 3.4         | Rationales for HWE.2                                                      | 19 |
|        | 3.5         | Rationales for HWE.3 and HWE.4                                            | 21 |
|        | 3.6         | Addressing the Mixture of Requirements and Design                         | 23 |
|        | 3.7         | Notion of 'System' above HWE Processes                                    | 24 |
|        | 3.8         | Agile Approaches                                                          | 24 |
|        | 3.9         | ISO 26262 Mapping                                                         | 25 |
|        | 3.10        | Automotive SPICE® PAM                                                     | 26 |
|        | 3.11        | VDA BlueGoldBook 'Automotive SPICE® Guidelines' [20]                      | 28 |
| 4<br>R |             | Reference Model, Performance Indicators (CL1), Rating Rules, Rating tions | 29 |
|        | 4.1         | HWE.1 – Hardware Requirements Analysis                                    | 29 |
|        | 4.2         | HWE.2 – Hardware Design                                                   | 34 |
|        | 4.3         | HWE.3 – Verification against Hardware Design                              | 39 |
|        | 4.4         | HWE.4 – Verification against Hardware Requirements                        | 43 |
| 5      | Process C   | Capability Levels and Process Attributes                                  | 46 |
| A      | nnex A 🛛 Wo | ork Product Characteristics (WPC)                                         | 47 |

| Annex A.1 | 1 [  | Motivation                                     |
|-----------|------|------------------------------------------------|
| Annex A.2 | 2 ۱  | WPC in this Document                           |
| Annex B   | Con  | formity of the HWE PRM/PAM50                   |
| Annex B.1 | 1 I  | Introduction                                   |
| Annex B.2 | 2 (  | Conformance to the requirements for PRMs50     |
| Annex B.3 | 3 (  | Conformance to the requirements for PAMs50     |
| Annex C   | Prop | posals for Automotive SPICE <sup>®</sup>       |
| Annex C.1 | 1 [  | MAN.3 Project Management                       |
| Annex C.2 | 2 5  | SYS.2 System Requirements Analysis             |
| Annex C.3 | 3 5  | SYS.3 System Architectural Design              |
| Annex C.4 | 4 9  | SYS.4 System Integration Testing               |
| Annex C.5 | 5 5  | SYS.5 System Qualification Testing             |
| Annex C.6 | 6 9  | SWE.2 Software Architectural Design57          |
| Annex C.7 | 7 5  | SPL.2 Product Release                          |
| Annex C.8 | 8 ۱  | WPC 13-21 Change Control Record 58             |
| Annex C.9 | 9 ۱  | ۷PC 13-22 Traceability Record 5٤               |
| Annex C.1 | 10 ۱ | WPC 17-08 Interface requirements specification |
| Annex C.1 | 11 F | Further proposals                              |
| Annex D   | Con  | tact Persons                                   |
| Annex E   | Chai | nge History61                                  |

# 1 Document Scope

# 1.1 Contributors

The following companies have contributed to the creation of this document (alphabetical order):

ART S.p.A., Audi AG, Brose Fahrzeugteile SE & Co. KG, Continental Automotive GmbH, Car.Software-Organisation (subsidiary within the Volkswagen Group), DräxImaier Group, Exida Group, Infineon, ITK Engineering GmbH, Kugler Maag Cie GmbH, Lorit Consultancy GmbH, Preh GmbH, Robert Bosch GmbH, Schaeffler Technologies AG & Co. KG, Sharpen360, SynSpace Group GmbH, Valeo Siemens eAutomotive Germany GmbH, WABCO GmbH & Co. KG, ZF Friedrichshafen AG

Direct contact partners of the respective companies see Annex D.

# **1.2 Trademarks**

Automotive SPICE<sup>®</sup> is a registered trademark of the 'Verband der Automobilindustrie e.V.' (VDA). For further information about Automotive SPICE<sup>®</sup> visit <u>www.automotivespice.com</u>.

intacs<sup>™</sup> is a registered trademark.

# **1.3 Copyright Notice**

Copyright 2018-2019 International Assessor Certification Scheme e.V. (hereafter referred to as intacs). All rights reserved.

Redistribution and use with or without modification are permitted provided that redistribution reproduces the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

THIS DOCUMENTATION IS PROVIDED BY INTACS 'AS IS' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL INTACS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE

This document may reproduce relevant material from:

■ ISO/IEC 33020:2015 (Information technology -- Process assessment -- Process measurement framework for assessment of process capability).

It provides the following copyright release statement:

'Users of this International Standard may reproduce clauses 5.2, 5.3, 5.4 and 5.6 as part of any process assessment model or maturity model so that it can be used for its intended purpose.'

Relevant material from one of the mentioned standards is incorporated under the copyright release notice.

■ The Automotive SPICE® Process Reference Model and Process Assessment Model Version 3.x for which permission has been granted by the SPICE User Group and the VDA QMC.

Automotive SPICE® is a registered trademark of the 'Verband der Automobilindustrie e.V.' (VDA).For further information about Automotive SPICE® visit <u>www.automotivespice.com</u>.

# **1.4 Document History**

| Version | Date        | Ву                                                       | Notes                                                                                                                                                                           |
|---------|-------------|----------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 1.0     | Nov 15 2019 | Pierre Metz<br>intacs™ Advisory Board member             | 1 <sup>st</sup> release                                                                                                                                                         |
| 2.0     | Dec 18 2020 | Pierre Metz<br>intacs <sup>™</sup> Advisory Board member | <sup>2nd</sup> release. Details see "Annex E - Change<br>History". Independent ISO/IEC 33020<br>compliance review, and confirmation, by<br>Mr. Petr Švimberský, Czech Republic. |

# **1.5** Distribution of This Document

Released versions of this document can be obtained freely from the <u>www.intacs.info</u> website. It is permitted for the recipient to further distribute this document without modification.

# 1.6 Change Request Handling

Any problems or change requests shall be reported via the ticketing system on <u>www.intacs.info</u>. Please add the prefix 'HWE PRM/PAM' to the subject of your ticket.

In order for a change request to be processed it must contain

- 1. a detailed problem description
- 2. an elaborated argumentation why a particular rationale is false or incomplete
- 3. a change proposal

# 1.7 References

- [1] ISO/IEC 33001:2015, Information technology -- Process assessment Concepts and terminology
- [2] ISO/IEC 33002:2015 Information technology -- Process assessment Requirements for performing process assessment
- [3] ISO/IEC 33003:2015 Information technology -- Process assessment Requirements for process measurement frameworks

- [4] ISO/IEC 33004:2015 Information technology -- Process assessment Requirements for process reference, process assessment and maturity models
- [5] ISO/IEC 33020:2015 Information technology -- Process assessment Process measurement framework for assessment of process capability
- [6] ISO/IEC/IEEE 29119-1:2013 Software and systems engineering -- Software testing -- Part 1: Concepts and definitions
- [7] ISO/IEC/IEEE 29119-3:2013 Software and systems engineering -- Software testing -- Part 3: Test documentation
- [8] ISO/IEC/IEEE 24765:2017 Systems and software engineering -- Vocabulary
- [9] ISO/IEC 25010:2011 Systems and software engineering Systems and software Quality Requirements and Evaluation
- [10] ISO 26262-1:2018 "2<sup>nd</sup> Edition"
- [11] ISO 26262-2:2018 "2nd Edition"
- [12] ISO 26262-4:2018 "2nd Edition"
- [13] ISO 26262-5:2018 "2nd Edition"
- [14] ISO 26262-6:2018 "2nd Edition"
- [15] ISO 26262-8:2018 "2nd Edition"
- [16] ISO 26262-9:2018 "2<sup>nd</sup> Edition"
- [17] ISO 26262-10 "2<sup>nd</sup> Edition"
- [18] ISO 26262-11:2018 "2nd Edition"
- [19] Automotive SPICE® Process Reference Model/Process Assessment Model, v3.1, VDA QMC
- [20] VDA BlueGoldBook 'Automotive SPICE® Guidelines', 1st. edition, September 2017, VDA, Quality Management in the Automotive Industry
- [21] P.Metz, 'Capability Level 2 und 3 in der Praxis', dpunkt Verlag, 2016
- [22] SoQrates Process Assessment Model: SPICE for Hardware Engineering, version 1.0, 30.01.2018, http://soqrates.eurospi.net/images/meetings/files/hwe\_spice\_1.00.pdf
- [23] Process Assessment Model Automotive SPICE for Mechanical Engineering, public release, v1.5 as of Dec 6<sup>th</sup> 2018, intacs working group Mechanical SPICEs
- [24] IATF 16949:2016-10 Quality management system requirements for automotive production and relevant service parts organisations
- [25] ISO IEC IEEE 29148, Systems and software engineering Life cycle processes Requirements engineering
- [26] IREB, Requirements Engineering Fundamentals: A Study Guide for the Certified Professional for Requirements Engineering Exam - Foundation Level - IREB (CPRE) compliant, <u>https://www.ireb.org/de</u>
- [27] ISO IEC IEEE 24765, Systems and software engineering Vocabulary
- [28] INCOSE Guide for Writing Requirements (TP-2010-006-01)
- [29] intacs™ certified Provisional Assessor standard training course materials, 2020
- [30] intacs<sup>™</sup> white paper 'Clarifying Myths with Process Maturity Models vs. Agile', v1.0 of Aug 6<sup>th</sup> 2014, F.Besemer/T.Karasch/P.Metz/J.Pfeffer, see <u>www.intacs.info</u>

# **1.8 Terms, Definitions, and Abbreviations**

| shall  | means that compliance with a statement is mandatory for compliance with an assessment indicator                        |
|--------|------------------------------------------------------------------------------------------------------------------------|
| should | means that compliance with a statement is recommended but is not mandatory for compliance with an assessment indicator |
| may    | is used to describe a permissible way to achieve compliance with an assessment indicator                               |

References to ISO 26262:2018 have been added throughout the HWE PRM/PAM in blue colour text, see clause 3.9.1.

| Term             | Reference                                              | Description                                                                                                                                                                                                                                                                   |
|------------------|--------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| AOI              | intacs <sup>™</sup> working<br>group 'HW<br>processes' | Automated Optical Inspection                                                                                                                                                                                                                                                  |
| AXI              | intacs <sup>™</sup> working<br>group 'HW<br>processes' | Automated X-Ray Inspection                                                                                                                                                                                                                                                    |
| ASIL             | ISO 26262                                              | Automotive Safety Integrity Level                                                                                                                                                                                                                                             |
| BGB              | VDA                                                    | Automotive SPICE® Guidelines ('BlueGoldBook')                                                                                                                                                                                                                                 |
| BP               | ISO/IEC 330xx                                          | Base Practice                                                                                                                                                                                                                                                                 |
| Characterisation | intacs <sup>™</sup> working<br>group 'HW<br>processes' | In semiconductor development a post-silicon process of determining the fundamental electrical and physical characteristics of a device based on statistical analysis (cf. ISO26262-5:2018, clause 10.4, Table 11). Equals e.g. electrical and functional testing of hardware. |
| CL               | ISO/IEC 330xx                                          | Capability Level                                                                                                                                                                                                                                                              |
| CR               | intacs <sup>™</sup> working<br>group 'HW<br>processes' | Change Request                                                                                                                                                                                                                                                                |
| DFA              | [10], [16] clause 7<br>and Annex C                     | Dependent Failure Analysis                                                                                                                                                                                                                                                    |
| ECU              | Automotive SPICE®<br>PRM/PAM                           | Electronic Control Unit                                                                                                                                                                                                                                                       |
| EOL              | intacs <sup>™</sup> working<br>group 'HW<br>processes' | End-of-Line                                                                                                                                                                                                                                                                   |
| ΕΤΑ              | intacs <sup>™</sup> working<br>group 'HW<br>processes' | Event Tree Analysis                                                                                                                                                                                                                                                           |
| FMEA             | intacs <sup>™</sup> working<br>group 'HW<br>processes' | Failure Mode and Effect Analysis                                                                                                                                                                                                                                              |

#### Table 1 – Terminology

| FMECA                        | intacs <sup>™</sup> working<br>group 'HW               | Failure Mode and Effects and Criticality Analysis                                                                                                                             |
|------------------------------|--------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| FMEDA                        | processes'<br>intacs <sup>™</sup> working              | Failure Modes, Effects and Diagnostic coverage Analysis                                                                                                                       |
|                              | group 'HW<br>processes'                                |                                                                                                                                                                               |
| FTA                          | intacs <sup>™</sup> working<br>group 'HW<br>processes' | Fault Tree Analysis                                                                                                                                                           |
| GDSII                        | intacs <sup>™</sup> working<br>group 'HW<br>processes' | Graphical Design Station II or Graphic Data System II                                                                                                                         |
| GP                           | ISO/IEC 330xx                                          | Generic Practice                                                                                                                                                              |
| Hard-macro                   | ISO 26262                                              | A physical representation of an IP (ISO 26262-11:2018, clause 5.1.5 Table 30)                                                                                                 |
| Hardware                     | intacs <sup>™</sup> working<br>group 'HW<br>processes' | Assembled and interconnected physical hardware components or parts which perform analog or digital functions or operations.<br>See Figure 1.                                  |
|                              |                                                        | NOTE: this can refer to a fully assembled PCB, or a microcontroller at the semiconductor level.                                                                               |
|                              |                                                        | NOTE: conceptually, the term 'hardware' can be compared to binary after SW build in the software domain.                                                                      |
| Hardware<br>component        | intacs <sup>™</sup> working<br>group 'HW<br>processes' | Logical (e.g. functional block) or physical group of hardware parts realising a functionality, which                                                                          |
|                              |                                                        | <ul> <li>cannot be realised by any of its hardware parts alone, e.g.<br/>voltage monitoring, power supply.</li> </ul>                                                         |
|                              |                                                        | <ul> <li>may be organised hierarchically, i.e. a hardware component can<br/>contain lower-level hardware components.</li> </ul>                                               |
|                              |                                                        | See Figure 1.                                                                                                                                                                 |
|                              |                                                        | NOTE: Depending on the application, e.g. the populated PCB, a system-<br>on-chip, a microcontroller, or an SBC can be considered a HW component.<br>See also clause 3.7 here. |
| Hardware<br>development only | intacs <sup>™</sup> working<br>group 'HW<br>processes' | Hardware development only refers to projects where hardware is developed without system, software, and mechanical development.                                                |
| Hardware<br>element          | intacs <sup>™</sup> working<br>group 'HW<br>processes' | Generic term, can represent a hardware component, a hardware part, or the hardware. See Figure 1.                                                                             |
| Hardware item                | intacs™ working<br>group 'HW<br>processes'             | Regarding the term 'item', Annex D.3 in [19] applies correspondingly.                                                                                                         |
| Hardware part                | intacs <sup>™</sup> working<br>group 'HW               | Fundamental HW element the purpose and functionality of which cannot be further subdivided or separated.                                                                      |
|                              | processes'                                             | See Figure 1.                                                                                                                                                                 |
|                              |                                                        | NOTE: Examples are transistors, resistors, diodes, non-populated PCB                                                                                                          |
|                              |                                                        | NOTE: Depending on the application, e.g. a system-on-chip, a microcontroller or an SBC can be considered a HW part. See clause 3.7 here.                                      |



|                                    |                                                        | NOTE: the term 'unit' is considered to apply to the software domain only.<br>The term 'hardware part' can be viewed as the hardware counterpart of<br>'software unit'.                                                                                                 |
|------------------------------------|--------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| HW                                 | intacs <sup>™</sup> working<br>group 'HW<br>processes' | Abbreviation for electrical or electronic 'hardware'                                                                                                                                                                                                                   |
| HWE                                | Automotive SPICE®<br>PRM/PAM                           | 15504/330x-compliant lifecycle processes for hardware engineering                                                                                                                                                                                                      |
| ICT                                |                                                        | In-circuit-test                                                                                                                                                                                                                                                        |
| INCOSE                             | https://<br>www.incose.org                             | International Council on Systems Engineering                                                                                                                                                                                                                           |
| IP                                 | intacs <sup>™</sup> working<br>group 'HW<br>processes' | Intellectual Property<br>A reusable unit of logical or physical design to be integrated into a design<br>as a part of a component (ISO 26262-11:2018, clause 4.5).<br>See also term 'hard-macro' and 'soft-macro'.                                                     |
| PA                                 | ISO/IEC 330xx                                          | Process Attribute                                                                                                                                                                                                                                                      |
| PAM                                | ISO/IEC 330xx                                          | Process Assessment Model                                                                                                                                                                                                                                               |
| Pre-Silicon<br>Verification        | intacs <sup>™</sup> working<br>group 'HW<br>processes' | Semiconductor design verification, generally performed as simulation or review without physical hardware. See also term 'Post-Silicon Verification'. (ISO 26262-11:2018, clause 4.8.1; clause 4.12 Table 27, Table 28; clause 5.1.9 Table 31; clause 5.3.5.3 Table 52) |
| Post-Silicon<br>Verification       | intacs <sup>™</sup> working<br>group 'HW<br>processes' | Verification of produced semiconductor (i.e. "on target"). It corresponds to "classical" testing of hardware. (ISO 26262-11:2018, clause 4.12 Table 27, Table 28)                                                                                                      |
|                                    |                                                        | See also terms 'Pre-Silicon Verification' and 'Tape-Out'.                                                                                                                                                                                                              |
| PRM                                | ISO/IEC 330xx                                          | Process Reference Model                                                                                                                                                                                                                                                |
| Qualification of<br>hardware parts | intacs <sup>™</sup> working<br>group 'HW<br>processes' | Verification proceeding to assure lifetime reliability of hardware parts<br>under specified environmental conditions mostly performed according to<br>well-defined industry standards such as AEC-Q100 and JEDEC.                                                      |
| RC                                 | BGB [20]                                               | Rating Recommendation                                                                                                                                                                                                                                                  |
| RL                                 | BGB [20]                                               | Rating Rule                                                                                                                                                                                                                                                            |
| RTL                                | intacs <sup>™</sup> working<br>group 'HW<br>processes' | Register Transfer Level                                                                                                                                                                                                                                                |
| Special<br>characteristics         | See Annex A, 11-HW                                     | 02                                                                                                                                                                                                                                                                     |
| SPICE                              | Adapted from<br>ISO/IEC 15504,<br>ISO/IEC 330xx        | Systems/Software Process Improvement and Capability Determination                                                                                                                                                                                                      |
| Soft-macro                         | ISO 26262                                              | A model representation of an IP in terms of hardware description language (HDL) or analogue transistor level circuit schematic                                                                                                                                         |
| Tape-Out                           | intacs <sup>™</sup> working<br>group 'HW<br>processes' | Final step of the semiconductor design process for integrated circuits at which the graphic for the photomask of the circuit (GDSII) is sent to the fabrication facility.                                                                                              |
|                                    |                                                        | It denotes the transition from the pre- to the post-silicon development phase.                                                                                                                                                                                         |



| Verification<br>measure      | intacs <sup>™</sup> working<br>group 'HW<br>processes' | Verification measure is a generic umbrella term for test cases, measurements, calculations, simulations, reviews, and analyses. |
|------------------------------|--------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------|
| Verification<br>measure data | intacs <sup>™</sup> working<br>group 'HW<br>processes' | Verification measure data are data recorded during the execution of a verification measure.                                     |
| WCCA                         |                                                        | Worst Case Circuit Analyses                                                                                                     |
| WG                           | intacs <sup>™</sup> working<br>group 'HW<br>processes' | Working Group                                                                                                                   |
| WP                           | ISO/IEC 330xx                                          | Work Product Indicator                                                                                                          |
| WPC                          | ISO/IEC 330xx                                          | Characteristics for Work Product Indicators                                                                                     |



Figure 1 – Graphical representation of hardware, hardware component, hardware part, hardware element

# 2 Introduction

This document contains the Hardware Engineering Process Reference Model (PRM) and Process Assessment Model (PAM), hereinafter called 'HWE PRM/PAM', as integral parts.

# 2.1 Purpose

The purpose of this document is to define a PRM and a PAM for Hardware Engineering, in order to assure that assessments are resulting into a set of process profiles in a repeatable and reliable manner, according to ISO/IEC 33004 [4].

# 2.2 Scope

In [20], section 'Introduction' the VDA informs that

'The objective of working group 13 is the definition of the Automotive SPICE process reference and assessment model. In addition to that, it is the objective of the working group to give necessary clarifications and recommendations for the application of Automotive SPICE ...

To fulfill this mandate, the following activities were performed:

Improving the Automotive SPICE Process Assessment and Reference Model regarding structure, inconsistencies, clarifications and additional concepts. This was done with the publication of the 3.0 version of Automotive SPICE in July 2015

... Giving guidelines on the interpretation of Automotive SPICE and on Assessment performance. This is provided by [the VDA BlueGoldBook 'Automotive SPICE® Guidelines] in 2017.'

This means that a full understanding about Automotive SPICE<sup>®</sup> is provided in two distinct documents, i.e. the Automotive SPICE<sup>®</sup> PRM/PAM and the BlueGoldBook (BGB). Further, even though the BGB is called 'Guidelines' that are recommended by the VDA to be followed by its members, its content can be considered 'normative expectations'. This can be concluded from the fact that e.g. a deviation of a full rating rule (RL) requires a documented justification in the assessment report by the assessor responsible.

In order to

- reduce the number of documents needed
- provide assessment indicators that are as expressive and rich as the BGB

this HWE PRM/PAM integrates the 'HWE PRM/PAM guidelines' (i.e. there is no separate 'HWE PRM/PAM guideline' document). This is done by directly strengthening base practices, adding informative notes, and providing rating rules and recommendations on top of the PAM directly below the corresponding process.

### 2.2.1 Technical Scope

The technical scope of this document is electrical or electronic hardware engineering. This excludes:

- system level engineering, i.e. neither the mechatronic nor the ECU level (see clause 3.7). See also the definition of the term "hardware" in clause 1.8;
- procurement (see clause 3.2);
- mechanical or hardware sample manufacturing (see clause 3.2);
- production processes (see clause 3.2).

However, process interfaces are included to

- procurement in terms of receiving physical design-compliant hardware parts;
- production and prototype/sample workshops in terms of providing information such as production data and requirements, and receiving compliant samples, respectively.

# 2.3 Community of Interest

This HWE PRM/PAM has been created

- taking into consideration the work provided by the SoQrates initative [22];
- by consensus of supplier and consultancy companies based in several European countries organised in a working group set up and monitored by intacs<sup>TM</sup> (www.intacs.info); during the creation of this document since Feb 2018 this working group has received an increasing number of inquiries about its status and content. This proves that there is a community of interest in the automotive industry;
- in accordance with the requirements of ISO/IEC 33004 [4] (see Annex B).

# 2.4 Automotive SPICE® plug-in candidate vs. standalone use

Further, this document

can serve as a proposal for a hardware domain plug-in for the Automotive SPICE® [19] Plug-In concept introduced in Automotive SPICE<sup>®</sup> version 3.0. In order to meet copyrights, and not to create redundancy, full process definitions and related indicators in Automotive SPICE<sup>®</sup> have not been included into this document. Instead, references to the currently valid Automotive SPICE<sup>®</sup> version 3.1 are used. Also note that in order for Automotive SPICE<sup>®</sup> to also represent an actual mechatronic or ECU system level, necessary changes to Automotive SPICE<sup>®</sup> are advised in Annex C.



Figure 2 – Sketch of the plug-in concept, based on the corresponding Figure in [19]

■ can be used standalone for the assessment of process capability of hardware development only. In such a case, any reference to Automotive SPICE® PRM/PAM elements, or any other system level aspects above the HWE PRM/PAM, do not apply.

# 3 Key Concepts

# 3.1 Recollection – Understanding of a PRM

A PRM/PAM are at the level of the WHAT by abstracting from any HOW level, see Figure 3:



Figure 3 – Levels of abstraction of a PRM/PAM according to [19] clause 3.3.3

A 'process' in a PRM according to [4] groups a set of coherent and related characteristics of a particular technical topic at the WHAT level ('distinct conceptual silo'). As a consequence:

A PRM/PAM does not represent or demand a particular lifecycle model. Generally, a process lifecycle model, among other elements, defines a logical order of phases, activities, workflows, and parallelisation. Lifecycle models therefore are a concept of a HOW level. For example, this is made visible in Automotive SPICE<sup>®</sup> MAN.3 Project Management BP2 "Define project life cycle".

A HOW level will detail out a lifecycle model by denoting a company's or HW department's proceedings such as describing the organisational interactions and interfaces, roles, tool chains, and documents. In this respect, it is the assessor's responsibility to perform a mapping of elements in such a HOW level to the Assessment Indicators in the PAM (see [19] clause 3.3.3), see Figure 4.



Figure 4 – mapping of Assessment Indicators, according to [19] clause 3.3.3

The processes in a PRM or PAM do not represent product hierarchies, i.e. neither are the Automotive SPICE SYS.x processes supposed to solely represent a particular level only (e.g. mechatronic system, drive, or ECU), nor does the HWE PRM/PAM represent an ECU level (see clause 2). In order to explicitly address the process capability of distinct product hierarchy levels, corresponding process instances would have to be defined in the assessment scope (see [20] clause 1.2), as illustrated in Figure 5.





# 3.2 Rationales, General

### 3.2.1 Rationale 1 – No Production Process

This document defines a Process Reference Model (PRM) and Process Assessment Model (PAM) for Hardware Engineering and is therefore not intended to define an assessment model for production processes.

To avoid redundancies and potential inconsistencies with other international standards having production in scope such as IATF 16949, PRM and PAM counterparts of production processes are not included at all.

Correspondingly, there is no process for prototype and sample construction/workshops (German: 'Musterbau') either.

For these reasons, 'process interfaces' to the production domain are required. In this HWE PRM/PAM this is achieved by means of

- output work product characteristics for HWE.2:
  - 11-HW01 Hardware Production Data
  - 11-HW02 Special Characteristics
  - 04-HW04 Bill of Materials
- the BP 'Ensure use of compliant samples', including comprehensive Notes, for HWE.3 and HWE.4

### 3.2.2 Rationale 2 – No Procurement Process

Further, no hardware element procurement process is introduced in this HWE PRM/PAM for the following reasons:

- HW development is requirements-driven. Therefore, what matters is compliance to the requirements for the respective environment, irrespective of the source from which HW parts are obtained. Verification (HWE.3, HWE.4) will demonstrate that the physical product or sample is compliant with the HW design and with HW requirements.
- There is no predefined standard for procurement at the level of abstraction of a PRM/PAM beyond what is IATF 16949. Thus, defining a procurement process here would have required the cooperation with other parties competent in the procurement domain. The identification of, and collaboration with, such would have significantly delayed the HW PAM publication date.

A 'process interface' to procurement can be considered existent by means of

■ BP 'Develop hardware detailed design' in HWE.2, together with Note 8.

# 3.3 Rationales for HWE.1

### 3.3.1 Rationale 3 – Requirements Characteristics at CL1

The state-of-the-art in requirements engineering (reflected in standards such as ISO IEEE 29148 [25] or ISO 26262-8:2018) requires each single requirement to reveal particular characteristics in order to actually represent a requirement (see also clause 3.6 here). Only one of these is 'verifiability'.

For this reason, HWE.1.BP1 is appended with '...according to state-of-the-art characteristics for requirements' together with Note 2. This is because a requirements specification not following the state-of-the-art

- introduces significant process risk in terms of giving rise to systematic faults, especially in downstream design, realisation, and verification activities, and
- thus, can hardly represent a full achievement of a requirements process purpose at CL1.

Correspondingly, in HWE.1.BP3 there is no term 'verifiability'; the reason is requirements that are non-compliant with such characteristics would probably lead to a downrating of both BP1 and BP3. This would represent double punishment which would not be consistent with the philosophy of a process assessment model.

Note that this strengthening of HWE.1.BP1 is not in conflict, or an overlapping, with GP 2.2.1 of CL2. Reasons:

- GP 2.2.1 addresses more than quality criteria such as structural requirements (e.g. by means of templates), checklists etc.
- In [21] it has already been suggested, and explained, for the
  - requirements-oriented processes SYS.2 and SWE.1
  - design-oriented processes SWE.2 and SWE.3

which quality criteria exactly are to be tied to the process purpose at CL1, and which quality criteria are relevant in the context of GP 2.2.1 at CL2, and why.

### 3.3.2 Rationale 4 – No Extra Verification Criteria Base Practice

The Automotive SPICE® v3.1 PAM explains the 'verification criteria' concept as follows:

'BP5. Develop the verification criteria for each software requirement that define the qualitative and quantitative measures for the verification of a requirement. [OUTCOME 2, 7]

NOTE 6: Verification criteria demonstrate that a requirement can be verified within agreed constraints and is typically used as the input for the development of the software test cases or other verification measures that should demonstrate compliance with the software requirements.

The BGB [20] elaborates on this in clause 2.1.3 by explaining:

Verification criteria are not the same as test cases, but are input to them. Verification criteria are necessary ... to understand the preconditions for the test of a single requirement or a set of requirements. The requirements engineer should share this knowledge with the tester through the verification criteria.'

Based on this, in practice there have been two views on what verification criteria can represent:

View 1. The characteristic of 'verifiability' of each requirement.

View 2. There may be 'explicit additional verification criteria' on top of what a requirement already says, and that are passed on, such as '*Identification of a verification method or verification step (e.g. software test, system test) is necessary, ... special test methods, environments, ...*' [BGB [20], clause 2.1.3.1].

Recall that view (1.) is covered by HWE.1.BP1 (see 'Rationale 3 – Requirements Characteristics at CL1').

A critical observation in practice regards to view (2.) however is:

- It is optional. It cannot be considered a *mandatory* part of a requirements process purpose to provide suggestions on verification or testing. Therefore, this should not be a part of a base practice because according to ISO/IEC 33004 in a PAM a base practice is a normative indicator<sup>1</sup>.
- Preconditions', 'verification methods', 'verification environment' are testing concerns, and therefore are a part of a test specification or verification strategy. These are not requirements concerns. This observation is further supported by the following facts: the BGB rules for verification criteria technically overlap
  - with those for SWE.6.BP1
  - with those for SYS.5.BP1 (see [20] clauses 3.11.1.1 and 3.5.1.1)

This would mean that, firstly, in absence of any verification environment and methods, BP1 of both SWE.1 and SWE.6 (or SYS.2 and SYS.5 respectively) would have to be downrated, which would mean double punishment. Secondly, such an overlap appears inconsistent with the definition of PRMs and PAMs in ISO/IEC 15504-2 and ISO/IEC 33004, that two processes are to be two distinct lifecycle process concerns (see clause 3.1 for more explanation).

For the reasons above, in this HWE PRM/PAM there is no 'verification criteria' base practice on top of what

- HWE.1.BP1 already requires, which does include view 1
- BP1 in HWE.3 and HWE.4 already require, capturing view 2

### 3.3.3 Rationale 5 – No Usage of Terms Functional and Non-functional Requirement

There is no internationally agreed definition of the terms 'functional' and 'non-functional' (see various definitions and references below).

Assuming the definition in ISO IEC IEEE 29148 [25] and IREB CPRE [26], the terms 'functional' and 'non-functional' do not need to be used as a classification criterion, as this does not change anything in regards to e.g. subsequent requirements traceability, test case derivation etc.

However, there is a frequent need of having both functional and non-functional information in a

<sup>&</sup>lt;sup>1</sup> Also, the intacs<sup>™</sup> standardised course materials for Provisional Assessor qualification [29] explains why it is neither consistent with ISO/IEC 330xx or ISO/IEC 15504, nor good practice, to replace a BP rating by 'n.a.'. Also, rating this BP as Fully in absence of any such optional suggestions appears artificial in the light of base practices being defined as mandatory process performance indicators.

single requirement. This is what Note 1 and Note 8 in HWE.1 hint at.

Example:

■ #1 "The ECU shall be able to receive 100 to 110 bus messages per 1 [sec.]"

This requirement is complete, unambiguous, and verifable. Without the information of "100 to 110 bus messages per 1 [sec.]" the requirement would not be

- unambiguous because, from an architectural design perspective, it does matter how many messages must be able to be processed in a given timeframe,
- clearly verifiable because testing for the ability to receive a single message in a week's time or in 10 ms would both satisfy the functional content of the requirement.

Also, a situation that can be encountered is making two requirements out of it, such as

- #1a "The ECU shall be able to receive bus messages" (which can be viewed as "functional" acc.to ISO IEC IEEE 29148 [25])
- #1b "When receiving bus messages, the ECU shall be able to receive 100 to 110 per 1 [sec.]" (which can be viewed as "non-functional" acc.to ISO IEC IEEE 29148 [25] or "quality requirements acc.to IREB CPRE [26])

This would add requirements specification complexity without compelling additional value. Therefore, BP1 only refers to 'requirements' to cover the whole range of required information.

The following definitions can be found:

**ISO/IEC IEEE 29148** [25] defines in clause 5.2.8.3:

- 'Functional/Performance. ... describe the system or system element functions or tasks to be performed by the system. ...'
- Quality (Non-Functional) Requirements. Include a number of the 'ilities' in requirements to include, for example, transportability, survivability, flexibility, portability, reusability, reliability, maintainability and security.'

### The IREB CPRE [26] says that

- 'Non-functional *requirements*' is an umbrella term and, thus, represents 'quality requirements' or 'constraints'.
- Quality requirements are said to be e.g. performance, reliability, usability, portability.

In ISO/IEC IEEE 24765 [27] the following can be found:

- There are two definitions for 'functional requirement':
  - 1. 'A statement that identifies what a product or process must accomplish to produce required behaviour and/or results'
  - 2. 'A requirement that specifies a function that a system or system component must be able to perform'
- The definition of 'non-functional requirement' is

'A <software> requirement that describes not what the <software> will do but how the

<software> will do it.'

■ Non-functional requirements are further claimed to be synonymous to 'design constraints'.

### Automotive SPICE<sup>®</sup> [19]

- refers to the ISO IEC IEEE 24765 definition of 'functional'
- while not providing a definition of, or reference to another definition of, 'non-functional'

The **BGB** [20] says in clause 2.2.4.1 that

• ...non-functional requirements include for example quality requirements ... which are often used as criteria for acceptance tests.'

The systems engineering INCOSE Guide for Writing Requirements [28] informs:

'Types of requirement. Requirements that address capability and function may be expressed in a different manner to constraints and requirements specifying other system properties (often confusingly called 'non-functional' requirements – a term that will not be used again in this guide). The guide is intended to cover the whole range of requirement types.'

# 3.4 Rationales for HWE.2

# 3.4.1 Rationale 6 – One HW Design process (no separation between HW Architectural Design and HW Detailed Design)

In actual practice

- HW architectural design begins at the block diagram level, being the starting point for the detailed design. Detailed design is the level of information from which physical HW instances can be created, i.e. initial block diagrams do not reveal that level of detail.
- The entire HW designing process is performed iteratively. Technical details that originate from lower design levels such as schematics or layout (detailed design) might be added to block diagram models (architectural design) in order to provide further information for distinct verification and testing that are aimed to be done at the architectural level.

Further, note that the following assumptions would not serve as a motivation for separating HW architectural and detailed design at the level of a PRM:

- 1. "In their development processes companies may have extra activities for architectural and detailed design, mostly done iteratively with HW detailed design."
  - A PRM/PAM does not represent a lifecycle model, see clause 3.1.
  - A PRM/PAM is at the process-WHAT-level, while processes in companies are at the process-HOW-level. Therefore, it is the assessor's responsibility to map Assessment Indicators in a PAM need to the assessed context. See clause 3.1.

- 2. "Two processes would provide a better overview, i.e. a more orderly partitioning of topics"
  - A PRM/PAM, by definition, does not represent a lifecycle model. Therefore, it is the assessor's responsibility to map Assessment Indicators in a PAM to information presented by projects and organisational units, see clause 3.1.
  - HWE.2 has 10 BPs which is not extensive (some Automotive SPICE® v3.1 processes have 10 or more BPs, e.g. MAN.3, MAN.6, ACQ.11, ACQ.12, ACQ.13, SPL.2)

Also note that this HWE PRM/PAM does not represent an ECU level (see clauses 2 and 3.1).

For these reasons, at the level of a PRM, there is no necessity to separate HW Architectural Design and HW Detailed Design into two processes. The BPs needed to assess architectural and detailed design remain within HWE.2.

This is also consistent with the following models and standards:

- ISO 26262-5 [13]
- Swedish Standard SS 7740:2018<sup>2</sup>
- PISA<sup>3</sup>
- AIDA<sup>4</sup>

### 3.4.2 Rationale 7 – No System Hardware Process

In contrast to the Mechanical SPICE PAM [23], the HWE PRM/PAM does not consider a 'system hardware process' above HWE.2:

- See the reasons discussed above on 'Rationale 6 One HW Design process (no separation between HW Architectural Design and HW Detailed Design)'.
- See the explanations on the interpretation of the proper system level clause 3.7.

### 3.4.3 Rationale 8 – Mentioning of Special Characteristics

In this HWE PRM/PAM document, special characteristics are

■ directly represented by '11-HW02 Special characteristics'

<sup>&</sup>lt;sup>2</sup> The choice of the Swedish Standard SS 7740:2018 (being a PRM/PAM aiming for integrating elements from Automotive SPICE<sup>®</sup> PRM v 4.5 and PAM v2.5, and particular process-related clauses in ISO 26262:2011 1<sup>st</sup> Ed) was to also have a single hardware design process only (SE.ENG.5). This single process comprises BPs for both hardware architectural design and hardware detailed design.

<sup>&</sup>lt;sup>3</sup> In the PISA model (Process Improvement Scheme for Automotive, as proposed by the System & Software Evaluation Center, National Research Council of Italy), the "hardware segment" consists of four processes. Only one of them "...pertains to the definition of electronics design, including the preparation of the physical layout", namely HW1. There is no separation into HW architectural design and hardware detailed design at the process level; a distinction between HW architectural and detailed design is internal to HW.1.

<sup>&</sup>lt;sup>4</sup> Similarly to the Swedish standard SS7740, the Italian AIDA model explains itself both as a reference for reaching compliance with ISO 26262 and as a PAM for processes assessment. It defines a single PRM process "hardware design", i.e. no separation of a HW architectural and detailed design; the process "hardware architectural metrics" only covers the ISO 26262 clauses on HW architectural metrics and evaluation of safety goal violations due to random hardware failures.

required to be identified in HWE.2.BP6 "Evaluate the hardware architecture and the hardware detailed design"

In contrast to [23], in this HWE PRM/PAM document special characteristics do not receive their own dedicated BP. Reasons are that special characteristics are

- not the only concern that arises from hardware design evaluation
- very important, though not more significant than other aspects

### 3.4.4 Rationale 9 – Evaluate Instead of Verify

In [23] for the architecture and design-oriented processes a BP was introduced about 'Verify ... design', the purpose of which is to ensure that the mechanical architectural design and mechanical component design, respectively, meet the 'upper-level requirements'.

In this HWE PRM/PAM such a base practice is not introduced in favour of an 'evaluate design' BP. The reasons are that verifying whether a design meets the requirements

- is already represented by the BPs on 'consistency', 'allocate', and 'traceability' together with the directives in the BGB [20] clause 2.1.1
- as such does not address the necessity of evaluating a design in terms of unearthing further issues or critical findings during design creation (e.g. a FMEA can identify risks that give rise to new requirements not coming from the system level, design changes, and additional test cases etc.)

### 3.4.5 Rationale 10 – No BP on Evaluating Alternative Architectures

For HWE.2 a base practice 'Evaluate alternative architectures' has not been introduced for the following reason:

■ HWE.2.BP1 requires to describe the rationale for the decided hardware architecture. It is considered of higher practical value to give arguments why a given design was chosen rather than particularly explaining which other approaches were not chosen. Further, it can be considered that the former implies the latter.

# 3.5 Rationales for HWE.3 and HWE.4

# 3.5.1 Rationale 11 – ISO 26262 Evaluation of HW Elements is not an alternative for HWE.3 and HWE.4

The processes in this PAM

- do not take a single HW element perspective. This is because 'hardware element' in this PAM can denote a HW part, a HW component, or the complete hardware (see Section 1.8).
- are not restricted to safety-related products or contexts, so for hardware development this HWE PRM/PAM, respectively, represents what ISO 26262 calls 'evidence of compliance with standards that support quality management' [ISO 26262-8:2018 clause 5.3.2 example 2].

Clause 13 in ISO 26262-8:2018 addresses how to proceed with a procured individual HW element that is supposed to be used in a safety-related product. Therefore, hardware part evaluation according to ISO 26262-8:2018 clause 13 is complementary to this HWE PRM/PAM and does not contradict it.

### 3.5.2 Rationale 12 – HW Integration

Integration in terms of software or mechanical lifecycle processes is understood as a stepwise assembly of a product, and performing tests along, or in between, the assembly steps. This notion is not always applicable per se to hardware development. Rather, a HW often is fully assembled first, and then HW testing is performed on the fully assembled hardware by e.g. using measuring points inside the HW to test the inputs and outputs with variations.

Further, testing of a single HW element always includes the testing of the interfaces as such tests need electrical input signals and output load. This means, there is no conceptual distinction between 'testing a single HW element in isolation' and 'testing interfaces between HW elements.

Thus, in order to avoid confusion and speculation we do not use the term 'integration' in the context of HWE.3.

The processes HWE.3 and HWE.4 can be mapped to ISO 26262-5 [13] clause 10.

See also Rationale 6 – One HW Design process (no separation between HW Architectural Design and HW Detailed Design).

# 3.5.3 Rationale 13 – Choice of the term 'Verification' for right-hand side HWE Processes

During the development of Automotive SPICE®, the VDA Working Group 13 suggested that SYS.4 "System Integration Testing" and SYS.5 "System Qualification Testing" should remain testing processes, and that any other verification approach (that can also be considered applicable at the system level such as measurements, simulations etc.) should be dealt with in the context of SUP.2 "Verification". Reasons were e.g. downward compatibility to Automotive SPICE® 2.5.

However, in this document the right-hand side HWE processes cover testing as well as measurements, calculations, simulations, reviews, and analyses and therefore are called 'verification'.

The reasons are:

- The intacs<sup>™</sup> HWE PRM/PAM working group has no means to change Automotive SPICE<sup>®</sup>, and for copyright reasons does not intend to copy entire process definitions from Automotive SPICE<sup>®</sup> (such as SUP.2) to be enhanced. Therefore, there would have been no intuitive way in this document to convey to the assessor how a ready-to-use adaptation of SUP.2 would be formulated.
- 2. In HW development, testing is neither the only nor the main verification approach. Therefore, separating testing from other verification measures would
  - not intuitively reflect the current state-of-the-art HW development;
  - increase reading complexity and reduce assessment efficiency as, during an assessment, indicators in two different processes would have to be looked at consistently.
- 3. Automotive SPICE® allows for an exception for the software sub-domain: in SWE.4 'Unit Verification' a SW unit can be verified coherently by means of a combination of static verification, testing, or code reviews (a view that is also reflected in ISO 26262-6 [14] clause

9)<sup>5</sup>. The HWE PRM/PAM, also being a sub-domain, correspondingly adopts this view (see 2. above).

4. The concept of separating SYS.4 'System Integration Testing' and SYS.5 'System Qualification Testing' from other verification aspects at the system level, as well as in the PAM for mechanical engineering [6], can still be maintained. Allowing an integrated and coherent verification approach for processes in the software and hardware sub-domains technically does not interfere with that.

### 3.5.4 Rationale 14 – ISO 26262-8 Verification Planning vs. HWE PRM Outcome 'Strategy'

The aspects listed in BP1 'strategy' of both HWE.3 and HWE.4 are mapped to ISO 26262-8 clause 9.4.1.1 'Verification Planning'. This could delude the reader into thinking that this PAM would erroneously reference PA 2.1 aspects at CL2. However, this is only a matter of naming. Conceptually, ISO 26262-8 clause 9.4.1.1 does relate to what a SPICE PRM/PAM call 'strategy'.

# 3.6 Addressing the Mixture of Requirements and Design

A requirement denotes a feature of an element from an external black-box perspective, at a given level of abstraction. In contrast, design denotes the technical solution in the white-box for the same element at the same level of abstraction. Requirement thus describe the 'What' while design describes the 'How' for a given element at the same level of abstraction (see 3.1).

What can be encountered in the automotive industry is that a document titled 'requirements', e.g. from a customer,

- mixes different levels of abstractions
- contains white-box (i.e. design-restricting) statements
- contains statements that are not in the delivery scope of the supplier

Therefore, it is recommended to put great emphasis on Automotive SPICE® SYS.1, especially BP2 and BP3:

- BP2 "Understand stakeholder expectations. Ensure that both supplier and customer understand each requirement in the same way"
- BP3 "Agree on requirements. Obtain an explicit agreement from all relevant parties to work on these requirements"

Thus, it is suggested that the stakeholder input (e.g. a customer specification) should be sorted in such a way that the conceptual difference of requirements and design is preserved, and the information is allocated to appropriate work products at the proper level of abstraction (see Figure 6).

<sup>&</sup>lt;sup>5</sup> ISO 26262-5:2018 presents a 'hybrid view' here: on the one hand, the title of ISO 26262-5 clause 10 being 'HW integration and verification' instead of 'testing' was deliberately chosen. On the other hand, the method tables in clause 10 are related to 'testing'. Then again, however, clause 10.4.1 clearly says that any hardware verification activity shall be performed in accordance with ISO 26262-8:2018, clause 9 which is about verification in general terms. ISO 26262-8:2018 clause 9 'Verification' is clear on that it addresses both the left and right branches of the V model, thereby representing an umbrella term comprising testing, verification reviews (an ISO 26262 term associated with quality assurance of work products) etc.



Figure 6 – Reallocation of stakeholder requirements

# 3.7 Notion of 'System' above HWE Processes

The Scope of this HWE PRM/PAM (see clause 2) was designed to be able to serve as a candidate for a hardware plug-in solution proposal for Automotive SPICE<sup>®</sup> (see clause 2). In turn, Automotive SPICE<sup>®</sup> provides system level processes (SYS.x) which are generic, i.e. are not bound to a particular system boundary (see also clause 3.1).

Therefore, the system boundary for

- 1. A **semiconductor supplier** would be e.g. a microcontroller or a system-on-chip. This system boundary should be reflected in the Automotive SPICE® SYS processes because besides hardware it typically comprises a mechanical housing, firmware etc. The HWE PRM/PAM should then be used to reflect the hardware-related interior of this system. In this context, the definition of 'hardware part' and 'hardware component' can represent ISO 26262's notions of 'hardware subpart' and 'hardware elementary subpart'.
- 2. A **control device supplier** would be the ECU. This system boundary should also be reflected by the Automotive SPICE® SYS processes because it typically comprises hardware, software, housing, connectors etc. In consistency with the scope of this document, the HWE PRM/PAM should then be used to reflect development of the fully assembled PCB. In this respect, the definitions of 'hardware part' and 'hardware component' in this document apply.
- 3. A **mechatronic system supplier** would be the mechatronic product. Both the mechatronic system boundary and the ECU system boundary would be reflected by separate process instances of the Automotive SPICE® SYS processes in a decomposed manner. To the ECU system boundary within the mechatronic system the considerations in 2. above apply.

# 3.8 Agile Approaches

This HWE PRM/PAM is not in contradiction with any agile principles, approaches, or practices. See [20] clause 2.2.2 'Agile Environments' and [30] for the detailed explanations and arguments.

# 3.9 ISO 26262 Mapping

### 3.9.1 References

References are made to ISO 26262 Parts 5, 8, 9, and 11 [13], [15], [16], [17]. Note that only references can be made to ISO 26262 clauses that have, or contain, a process-related content<sup>6</sup> or define ISO 26262 terminology; the reason is that a PRM/PAM generally define process principles but not technical or method requirements (see ISO/IEC 33004 [4], and the differentiation between the WHAT and the HOW levels in [19]). This should facilitate the mutual consideration, or even mutual reuse, of SPICE assessment and safety audit results for the purpose of making such (e.g. combined) process assessments and safety audits more efficient while reducing interview effort. See also ISO 26262-2 [11], clause 6.4.11.4, f), Notes 3 and 4 here. These references are meant neither to represent nor to trigger a model fusion, nor to suggest additional assessment indicators for this PAM. In this respect, the given references are not meant to be exhaustive.

### 3.9.2 ASIL Method Tables

This document does not repeat, or refer to, any table in ISO 26262 part with methods classified by ASILs. Reasons:

- Repeating of method tables in ISO 26262 or any other standard
  - would introduce redundancy
  - might entail a copyright issue
- ISO 26262:2018 clause 4.3 makes it clear that the methods listed in the method tables are only recommendations. This means that any method can be chosen (i.e. not necessarily those recommended or highly recommended in ISO 26262) as long as an argument can be presented that the used methods fulfil the requirements listed in the corresponding ISO 26262 clause above a method table. If such a rationale can be given, a further rationale for omitted methods is not necessary (see clause 4.3 "Interpretation of Tables" in all Parts of ISO 26262:2018from Part 2 to Part 9).

### 3.9.3 ISO 26262 Semiconductor Perspective

This document does not use the terms

- hardware subpart
- hardware elementary subpart

Further, this document does not follow the ISO 26262-1 definitions as is of

<sup>&</sup>lt;sup>6</sup> The German VDA/DIN NA 052-00-32-08 subgroup represents the German national standardization body on Functional Safety according to ISO 26262. This subgroup has classified the ISO 26262 clauses according to a categorisation schema of "process", "technical", "both", "reference". The purpose was to facilitate use cases of combined Automotive SPICE<sup>®</sup> process assessments and safety audits, and mutual consideration of SPICE assessment and safety audit results for the purpose of making such process assessments and safety audits more efficient while reducing interview effort in practice.

- hardware part
- component

#### Reasons:

The ISO 26262:2018 terms 'hardware subpart' and 'elementary subpart' were introduced in Part 1 order to support ISO 26262-11:2018 and align it with ISO 26262-5:2018. Correspondingly, the ISO 26262 term 'hardware part' is explained as a '*portion of a hardware component at the first level of hierarchical decomposition*' above 'hardware subpart' and 'elementary subpart'<sup>7</sup>. Hierarchical decomposition of elements is a concept also supported in this document (note: 'hierarchical decomposition' does not relate to ASIL decomposition in ISO 26262:2018).

Perspectives on how to understand a system level above the HWE processes, see clause 3.7.

### 3.9.4 ISO 26262-1 term 'Item'

The term 'item' is defined fundamentally differently in ISO 262626 and Automotive SPICE®. In this document, we follow the Automotive SPICE® definition for the following reasons:

- a) This document is an ISO/IEC 33004 [4] compliant PRM/PAM (see section Annex B), just as Automotive SPICE®, while ISO 26262 is not. Further, this HWE PRM/PAM document can be used as a plug-in proposal for the Automotive SPICE® plug-in concept. It is thus meaningful to be primarily consistent with the Automotive SPICE® terminology.
- b) This document includes a PRM/PAM for electrical and electronic elements (see clause 2 and a) above). The term 'item' in ISO 26262 rather relates to the system or product level.

# 3.10 Automotive SPICE<sup>®</sup> PAM

### 3.10.1 Traceability and Consistency

The traceability and consistency within the HWE PRM/PAM, and in connection with Automotive SPICE® processes, is as depicted below.

<sup>&</sup>lt;sup>7</sup> In [19] neither the definition of 'component' nor 'software component' mentions the possibility of hierarchical decomposition.



Figure 7 – Traceability and consistency in the HWE PRM/PAM in relation to Automotive SPICE®



### 3.10.2'Agree' and 'Summarise and Communicate'

Automotive SPICE<sup>®</sup> [19] Annex D.5 applies correspondingly.

### 3.10.3 'Evaluate', 'Verification Criteria', and 'Ensuring compliance'

Automotive SPICE<sup>®</sup> [19] Annex D.6 applies correspondingly for HWE processes in this document. However, note the 'Rationale 3 – Requirements Characteristics at CL1'.

### 3.10.4 The relation between 'Strategy' and 'Plan'

Automotive SPICE<sup>®</sup> [19] Annex D.7 applies correspondingly.

# 3.11 VDA BlueGoldBook 'Automotive SPICE® Guidelines' [20]

### 3.11.1 Assessment Scoping

Sections 1.1 and 1.2 [20] apply to this document as is.

### 3.11.2 Rating Practice

Section 1.3 in [20] apply to this document as is.

### 3.11.3 Rating Text Patterns

Section 1.4 in [20] also applies.

### 3.11.4 Rating Rules and Recommendations

The rules (RLs and RCs) in the following clauses in the BGB [20] apply correspondingly to the HWE PRM/PAM:

- 2.1.1
- 2.1.2
- 2.1.4

# 4 Process Reference Model, Performance Indicators (CL1), Rating Rules, Rating Recommendations

See 'Rationale 1 – No Production Process'.

See 'Rationale 2 – No Procurement Process'.

### Editorial guidance

The processes in the process dimension can be drawn from the PRM, which is incorporated in the tables below indicated by a red bar at the left side.

Analogously to Automotive SPICE<sup>®</sup>, each table related to one process in the process dimension contains the PRM (indicated by a red bar at the left side) and the process performance indicators necessary to define the PAM. The process performance indicators consist of BPs (indicated by a green bar) and output work products (indicated by a blue bar). Note that if an output work product indicator given here does not appear in Annex A then it represents the corresponding work product indicator in Automotive SPICE<sup>®</sup> [19].

Rating rules and recommendations are presented separately as they are not an element of a PRM or PAM [4].

# 4.1 HWE.1 – Hardware Requirements Analysis

Refer to rationales in clause 3.3 and to clause 3.6.

| Process ID          | HWE.1                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    |  |
|---------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--|
| Process name        | Hardware Requirements Analysis                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           |  |
| Process purpose     | The purpose of the Hardware Requirements Analysis process is to<br>transform the hardware-related system requirements or stakeholder<br>requirements, and hardware-related system architectural design, into a<br>set of hardware requirements.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          |  |
| Process<br>outcomes | <ul> <li>As a result of successful implementation of this process:</li> <li>1) The hardware requirements to be allocated to the hardware elements of the system and their interfaces are defined.</li> <li>2) Hardware requirements are categorised and analysed.</li> <li>3) The impact of hardware requirements on the operating environment is analysed.</li> <li>4) Prioritisation of hardware requirements is defined.</li> <li>5) The hardware requirements are updated as needed.</li> <li>6) Consistency and bidirectional traceability are established between system requirements and hardware requirements. Consistency and bidirectional traceability are established between system architectural design and hardware requirements.</li> <li>7) The hardware requirements are evaluated for cost, schedule and technical impact.</li> </ul> |  |



|                | 8) The hardware requirements are agreed and communicated to all affected parties.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |
|----------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Base practices | <b>HWE.1.BP1: Specify hardware requirements.</b> Use the stakeholder<br>and system requirements, and the system architecture including<br>interface definitions, as well as changes to these, to identify the required<br>functions and capabilities of the hardware. Specify hardware<br>requirements including hardware interface requirements in a hardware<br>requirements specification according to state-of-the-art characteristics<br>for requirements. [OUTCOME 1,5]<br>[ISO 26262-5:2018, clauses 6.4.1, 6.4.2, 6.4.5]                                                                                                                                    |
|                | NOTE 1: A single requirement usually needs both 'functional' and 'non-<br>functional' information in it, acc. to the definition of this terms in ISO IEC IEEE<br>29148 [25] or IREB CPRE [26]. For further information see Rationale 5 – No<br>Usage of Terms Functional and Non-functional Requirement.                                                                                                                                                                                                                                                                                                                                                            |
|                | <ul> <li>NOTE 2: Characteristics of requirements are defined in standards such as ISO IEEE 29148 clause 5.2, or ISO 26262-8:2018 clauses 6.4.2.4 and 6.4.3.1. According to these standards characteristics of an individual requirement, and a set of requirements, include being: <ul> <li>verifiable</li> <li>design-free/implementation-free (see clause 3.6 here)</li> <li>unambiguous</li> <li>comprehensible</li> <li>consistent in itself</li> <li>not contradicting any other requirement</li> <li>no redundancy across requirements</li> <li>atomic/singular</li> </ul> </li> </ul>                                                                        |
|                | <ul> <li>defined through language criteria and sentence structure supporting<br/>the above characteristics</li> <li>NOTE 3: In case of hardware development only, the system requirements<br/>and the system architecture refer to a given operating environment (see also<br/>Note 16). In that case, stakeholder requirements should be used as the basis<br/>for identifying the required functions and capabilities of the hardware.</li> </ul>                                                                                                                                                                                                                 |
|                | <ul> <li>NOTE 4: Hardware requirements specify particular desired characteristics of the hardware and can include</li> <li>lifetime and mission profile, lifetime robustness (as, in contrast to software, hardware characteristics are impacted by physical influences which may change the hardware's characteristics over time)</li> <li>maximum price</li> <li>storage and transportation requirements</li> <li>functional behaviour of analog or digital circuits and logic</li> </ul>                                                                                                                                                                         |
|                | <ul> <li>quiescent current, voltage impulse responsiveness to crank, start-<br/>stop, drop-out, load dump</li> <li>temperature, maximum hardware heat dissipation</li> <li>power consumption depending on the operating state such as sleep-<br/>mode, start-up, reset conditions</li> <li>frequencies, modulation, signal delays, filters, control loops</li> <li>power-up and power-down sequences, accuracy and precision of<br/>signal acquisition or signal processing time</li> <li>computing resources such as memory space and CPU clock<br/>tolerances</li> <li>maximum abrasive wear and shearing forces for e.g. pins or<br/>soldering joints</li> </ul> |

| • requirements resulting from lessons learned [ISO 26262-2:2018, clause 5.4.2.6]                                                                                                                                                                                                                  |
|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| <ul> <li>safety related requirements derived from the technical safety concept<br/>[ISO 26262-5:2018, clauses 6.4.1, 6.4.2]</li> </ul>                                                                                                                                                            |
| NOTE 5: Some numerical values, to be mentioned in complete requirements<br>statements, may only be determined in an evolutionary way by means of e.g.<br>measurements, prototype testing. Incomplete or underspecified aspects<br>should be considered as a risk in HWE.1.BP3                     |
| EXAMPLE: Radio connection at system level                                                                                                                                                                                                                                                         |
| Sender and receiver, 400m away from each other. Both components will require a max. signal-to-noise ratio. However, these values can only be determined in an empirical way. Therefore, exact hardware requirements cannot be defined in the first place.                                         |
| NOTE 6: Hardware requirements are often integrated in superordinate requirements specifications, or spread across several work products, such as customer requirements, system requirements, and industry standards.                                                                              |
| <ul> <li>NOTE 7: Reasons for an update may be e.g.</li> <li>change requests,</li> <li>results of safety analyses [ISO 26262-9, clauses 8.4.3 and 8.4.4] and</li> </ul>                                                                                                                            |
| analysis of dependent failures [ISO 26262-9 clause 7.4]                                                                                                                                                                                                                                           |
| <b>HWE.1.BP2: Structure hardware requirements.</b> Structure the hardware requirements in the hardware requirements specification [OUTCOME 2, 4]                                                                                                                                                  |
| NOTE 8: In regards to classifying requirements into 'funcional' and 'non-<br>functional', acc. to the definition of this terms in ISO IEC IEEE 29148 [25] or<br>IREB CPRE [26], see Rationale 5 – No Usage of Terms Functional and Non-<br>functional Requirement.                                |
| <ul> <li>NOTE 9: Structuring supports the comprehensibility and the managing of requirements, and can be done by e.g.</li> <li>grouping according to HW functionalities</li> <li>grouping according to hardware components, e.g. the hardware</li> </ul>                                          |
| requirements are restructured depending on the allocation in the hardware architecture                                                                                                                                                                                                            |
| <ul> <li>categorising based on relevant criteria for the project such as organisational, technical, legal, and internal topics.</li> <li>categorising according to planned variants of the product.</li> <li>labelling with ASIL attribute [ISO 26262-8:2018, clause 6.4.2.5c)]</li> </ul>        |
| <ul> <li>sorting in a logical order for the project</li> <li>prioritising according to stakeholder needs</li> <li>prioritising through the assignment of hardware content to planned samples or series releases. Refer to Automotive SPICE®</li> </ul>                                            |
| SPL.2.BP1.                                                                                                                                                                                                                                                                                        |
| <b>HWE.1.BP3: Analyse hardware requirements.</b> Analyse the specified hardware requirements including their interdependencies to ensure correctness, technical feasibility, and to support risk identification. Determine the impact on cost, schedule, and the technical impact. [OUTCOME 2, 7] |
| NOTE 10: The analysis of impact on cost and schedule supports the adjustment of project estimates. Refer to Automotive SPICE <sup>®</sup> MAN.3.BP5                                                                                                                                               |

and MAN.3.BP8. For risk identification refer to Automotive SPICE® MAN.5.BP3.

**HWE.1.BP4:** Analyse the impact on the operating environment. Analyse the impact that the hardware requirements will have on interfaces of the system elements and the operating environment. [OUTCOME 3, 7]

NOTE 11: Aspects of the operation environment may be e.g.

- the mounting space and position
- temperature
- humidity
- mechanical stress
- EMC/EMI, or ESD

NOTE 12: Interfaces to the system elements may be e.g.

- connector
- cable harness
- optical/illumination
- voltage/currents
- power supply
- heat dissipation

The system level (e.g. SYS.3 in Automotive SPICE<sup>®</sup>) is responsible for deciding on the connection technology of the interfaces of system elements (crimping, soldering, pressing, etc.).

**HWE.1.BP5: Establish bidirectional traceability.** Establish bidirectional traceability between a single hardware requirement and system requirements. Establish bidirectional traceability between a single hardware requirement and the system architecture. [OUTCOME 6]

NOTE 13: For a particular hardware requirement traceability redundancy should be avoided by establishing a combination of these approaches that covers the project and the organisational needs.

NOTE 14: Bidirectional traceability supports coverage, consistency, and impact analysis.

**HWE.1.BP6: Ensure consistency.** Ensure consistency between system requirements and hardware requirements. Ensure consistency between the system architecture and hardware requirements. [OUTCOME 6]

### [ISO 26262-5:2018, clause 6.4.9]

NOTE 15: Consistency is supported by bidirectional traceability and can be demonstrated by review records.

NOTE 16: In case of hardware development only, the system requirements and system architecture refer to a given operating environment (see also note 13). In that case, consistency and bidirectional traceability have to be ensured between stakeholder requirements and hardware requirements.

NOTE 17: Safety related requirements shall be compliant with system architectural constraints such as

- Fault tolerant time interval [ISO 26262-5:2018, clause 6.4.7]
- Fault handling time interval [ISO 26262-5:2018, clause 6.4.7]
- Multiple-point fault detection interval [ISO 26262-5:2018, clause 6.4.8]

|                         | <b>HWE.1.BP7: Communicate agreed hardware requirements.</b><br>Communicate the agreed hardware requirements and updates to hardware requirements to all relevant parties. [OUTCOME 8]                                                                                                                                                                                                                               |
|-------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Output work<br>products | 13-04 Communication record $\rightarrow$ [OUTCOME 8]13-19 Review record $\rightarrow$ [OUTCOME 6]13-21 Change control record $\rightarrow$ [OUTCOME 5, 7]13-22 Traceability record $\rightarrow$ [OUTCOME 1, 6]15-01 Analysis report $\rightarrow$ [OUTCOME 2, 3, 4, 7]17-08 Interface requirements specification $\rightarrow$ [OUTCOME 1, 3]17-HW01 Hardware requirements specification $\rightarrow$ [OUTCOME 1] |

# Rating Rules

**[HWE.1.RL.1]** If the hardware requirements specification does not reflect latest changes, the indicator BP1 must not be rated higher than L.

**[HWE.1.RL.2]** If hardware requirements are not derived from system requirements and system architecture but from another reasonable source (e.g. platform requirements, HW being a SEooC according to ISO 26262-10 [17]) according to a reuse strategy the indicator BP1 must not be downrated.

**[HWE.1.RL.3]** If hardware requirements are not verifiable, the indicator BP1 must not be rated higher than P.

**[HWE.1.RL.4]** In case of hardware development only, if the traceability from hardware requirements to stakeholder requirements is established, the indicator BP5 must not be downrated.

**[HWE.1.RL.5]** In case of hardware development only, if the consistency from hardware requirements to stakeholder requirements is ensured, the indicator BP6 must not be downrated.

**[HWE.1.RL.6]** If the specification of hardware requirements (BP1) is rated P or lower, PA 1.1 shall be downrated.

### **Rating Recommendations**

IMPORTANT: the applicability of RCs depends on

- the assessment scope, e.g. 'Process-Related Product Risk' (see [20] clause 1.2.1)
- the process context, e.g. 'Category B Entire Product/Delivery' (see [20] clause 1.2.3)

NOTE: see clause 3.11.1 for a text pattern change

**[HWE.1.RC.1]** If there is no evidence for prioritisation but a release plan consistently maps hardware functionality to future releases the indicator BP2 should not be downrated.

**[HWE.1.RC.2]** If the analysis of correctness and technical feasibility is covered by risk management this should not be used to downrate the indicator BP3.

**[HWE.1.RC.3]** If the analysis of hardware requirements impact on cost and schedule is covered by the estimation of work packages in the project planning this should not be used to downrate the indicator BP3.

**[HWE.1.RC.4]** If PA 1.1 for SYS.2 is downrated, this should be in line with the rating of the indicator BP1.

**[HWE.1.RC.5]** If PA 1.1 for SYS.3 is downrated, this should be in line with the rating of the indicator BP1.

**[HWE.1.RC.6]** If the indicator BP3 is downrated, this should be in line with the rating of the indicators 'determine, monitor and adjust project estimates and resources' (Automotive SPICE<sup>®</sup> MAN.3.BP5) and 'determine, monitor and adjust project schedule (Automotive SPICE<sup>®</sup> MAN.3.BP8)'.

**[HWE.1.RC.7]** If the indicator BP3 is downrated, this should be in line with the rating of the indicator 'evaluate feasibility of the project' (Automotive SPICE<sup>®</sup> MAN.5.BP3).

**[HWE.1.RC.8]** If Automotive SPICE<sup>®</sup> SYS.2 BP1 is downrated, this should be in line with the rating of the indicator BP5.

**[HWE.1.RC.9]** If Automotive SPICE<sup>®</sup> SYS.3 BP1 is downrated, this should be in line with the rating of the indicator BP5.

**[HWE.1.RC.10]** If Automotive SPICE<sup>®</sup> SYS.2 BP1 is downrated, this should be in line with the rating of the indicator BP6.

**[HWE.1.RC.11]** If Automotive SPICE<sup>®</sup> SYS.3 BP1 is downrated, this should be in line with the rating of the indicator BP6.

# 4.2 HWE.2 – Hardware Design

| Process ID          | HWE.2                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |
|---------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Process name        | Hardware Design                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        |
| Process purpose     | The purpose of the Hardware Design process is to provide an evaluated design, that is suitable for manufacturing, and to derive production-relevant data.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              |
| Process<br>outcomes | <ul> <li>As a result of successful implementation of this process:</li> <li>1) A HW architecture and HW detailed design is developed.</li> <li>2) The HW requirements are allocated to the hardware elements and their interfaces.</li> <li>3) The interfaces between the HW elements are defined.</li> <li>4) The dynamic behaviour of the HW elements is defined.</li> <li>5) The HW architecture and the HW detailed design are evaluated.</li> <li>6) Consistency and bidirectional traceability are established between hardware requirements and hardware elements.</li> <li>7) Hardware production data is derived from the HW detailed design and communicated to the affected parties.</li> <li>8) Information for production test is derived from the HW detailed design and communicated to the affected parties.</li> <li>9) Special characteristics are identified and communicated to all affected parties.</li> <li>10) The hardware architecture and the hardware detailed design are communicated to all affected parties.</li> </ul> |

Refer to rationales in clause 3.4 and to clause 3.5.1.

| Base practices | HWE.2.BP1: Develop hardware architecture. Develop the hardware                                                                                                                                                                                                                                                                                                                                        |
|----------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| • • • •        | architecture that identifies the hardware components. Describe the rationale for the defined hardware architecture. [OUTCOME 1]                                                                                                                                                                                                                                                                       |
|                | NOTE 1: Hardware design typically starts at an abstract level, using e.g. recursively decomposed block diagrams that identify the HW components.                                                                                                                                                                                                                                                      |
|                | NOTE 2: One purpose of a hardware architectural design is to provide motivation, reasoning, and explanatory context information to other subject matter experts in the hardware domain and product domain, respectively.                                                                                                                                                                              |
|                | <ul> <li>NOTE 3: The appropriate level of architectural detail is driven by e.g.</li> <li>the need for integration of reused hardware components</li> <li>the complexity of the hardware components</li> <li>the allocation of requirements to hardware components</li> <li>the intent for future reuse of hardware components</li> <li>the intent for adaptability of hardware components</li> </ul> |
|                | NOTE 4: The hardware architecture may include a ground concept, supply concept, EMC concept.                                                                                                                                                                                                                                                                                                          |
|                | NOTE 5: Hardware elements might inherit the highest ASIL of corresponding requirements, unless the criteria for coexistence in accordance with ISO 26262-9:2018, clause 6 are met.<br>[ISO 26262-5:2018 clause 7.4.1.4]                                                                                                                                                                               |
|                | <b>HWE.2.BP2: Develop hardware detailed design.</b> Develop a hardware detailed design based on components of the hardware architecture. Identify all hardware parts based on the related requirements. Describe the detailed design for intended hardware variants. [OUTCOME 1, 2]                                                                                                                   |
|                | NOTE 6: A HW detailed design typically comprises schematics, RTL design, PCB characteristics, layouts, bill of materials (BOM), and a sufficiently comprehensive description.                                                                                                                                                                                                                         |
|                | NOTE 7: The identification of hardware parts and their suppliers may be subject to a pre-defined repository. For supplier selection see ACQ.2 in ISO/IEC 33060; see also IATF 16949:2016, clause 8.4.1.2.                                                                                                                                                                                             |
|                | NOTE 8: Hardware design may be subject to constraints such as                                                                                                                                                                                                                                                                                                                                         |
|                | <ul> <li>availability of hardware parts on the market</li> <li>hardware design rules, layout rules</li> </ul>                                                                                                                                                                                                                                                                                         |
|                | <ul> <li>creepage and clearance distances</li> <li>compliance of HW parts with industry standards such as AEC-Q,<br/>REACH</li> </ul>                                                                                                                                                                                                                                                                 |
|                | NOTE 9: Hardware elements might inherit the highest ASIL of corresponding requirements, unless the criteria for coexistence in accordance with ISO26262-9:2018, clause 6 are met.<br>[ISO 26262-5:2018 clause 7.4.1.4]                                                                                                                                                                                |
|                | NOTE 10: In the case of safety-related development, the hardware detailed design should consider the results of safety analyses [ISO 26262-9:2018, clauses 7.4.3] and analysis of dependent failures. [ISO 26262-9:2018 clause 7.4.3.5]                                                                                                                                                               |
|                | <b>HWE.2.BP3: Define interfaces of the hardware elements.</b> Specify and document the interfaces between the hardware elements. [OUTCOME 1, 2, 3]                                                                                                                                                                                                                                                    |
|                | NOTE 11: A hardware element interface is typically defined by output, input, type, and electrical characteristics including signal tolerances.                                                                                                                                                                                                                                                        |
|                | NOTE 12: Examples of interfaces are                                                                                                                                                                                                                                                                                                                                                                   |



| high level interfaces like SPI, I2C, CAN, LIN, Ethernet                                                                                                                                                                                                                                                                                                                                   |
|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| <ul> <li>electrical interconnections</li> <li>thermal interfaces between hardware elements (heat dissipation)</li> </ul>                                                                                                                                                                                                                                                                  |
|                                                                                                                                                                                                                                                                                                                                                                                           |
| HWE.2.BP4: Describe dynamic behaviour. Evaluate and document<br>the dynamic behaviour of the relevant hardware elements and the<br>interaction between them. [OUTCOME 1, 4]<br>NOTE 13: Examples are<br>• transitions between electrical states of hardware parts                                                                                                                         |
| <ul> <li>power-up and power-down sequences</li> </ul>                                                                                                                                                                                                                                                                                                                                     |
| frequencies, modulations                                                                                                                                                                                                                                                                                                                                                                  |
| <ul> <li>signal delays</li> <li>debounce times</li> </ul>                                                                                                                                                                                                                                                                                                                                 |
| • filters                                                                                                                                                                                                                                                                                                                                                                                 |
| <ul> <li>short circuit behaviour</li> <li>self-protection</li> </ul>                                                                                                                                                                                                                                                                                                                      |
| <ul> <li>self-protection</li> <li>NOTE 14: Not all hardware elements have dynamic behaviour that needs to</li> </ul>                                                                                                                                                                                                                                                                      |
| be described.                                                                                                                                                                                                                                                                                                                                                                             |
| NOTE 15: Particular views of the architecture may require a description of the dynamic behaviour of the complete hardware.                                                                                                                                                                                                                                                                |
|                                                                                                                                                                                                                                                                                                                                                                                           |
| <ul> <li>HWE.2.BP5: Allocate hardware requirements. Allocate the hardware requirements to the hardware elements and interfaces of the hardware architecture. [Outcome 2]</li> <li>[ISO 26262-5:2018 clauses 7.4.1.1, 7.4.1.2"]</li> <li>NOTE 16: This allocation typically reflects one direction of bidirectional traceability addressed by HWE.2.BP7</li> </ul>                         |
| NOTE 17: Allocation might be done based on single requirements or cluster<br>of requirements.                                                                                                                                                                                                                                                                                             |
| NOTE 18: Allocation should be on appropriate level of granularity, at least to single hardware components.                                                                                                                                                                                                                                                                                |
| HWE.2.BP6: Evaluate the hardware architecture and the hardware detailed design. Analyse and evaluate the hardware architecture and detailed design against defined quantitative or qualitative criteria, including risks, manufacturability, and verifiability. Identify special characteristics. [OUTCOME 5, 9]<br>[ISO 26262-5:2018 clause 10.4.3, clause 7.4.5 and clause 9.4.1.2 NOTE |
| 2]                                                                                                                                                                                                                                                                                                                                                                                        |
| NOTE 19: Examples for risk evaluation are                                                                                                                                                                                                                                                                                                                                                 |
| <ul> <li>prototype testing</li> <li>simulations</li> </ul>                                                                                                                                                                                                                                                                                                                                |
| <ul> <li>calculations such as 'Weibull distribution', WCCA</li> </ul>                                                                                                                                                                                                                                                                                                                     |
| <ul> <li>qualitative or quantitative analyses such as FMEA, FMEDA/FMECA,<br/>ETA, FTA, DFA</li> </ul>                                                                                                                                                                                                                                                                                     |
| <ul> <li>identification of interference such as temperature, vibrations, water,<br/>dust, EMI, noise factor, crosstalk [ISO 26262-5:2018 clause 7.4.1.7]</li> </ul>                                                                                                                                                                                                                       |
| NOTE 20: Example for manufacturability are                                                                                                                                                                                                                                                                                                                                                |
| <ul> <li>evidence for conformity with production constraints</li> <li>evidence of availability for all hardware parts</li> </ul>                                                                                                                                                                                                                                                          |
| <ul> <li>appropriate knowledge of production technology and their availability</li> </ul>                                                                                                                                                                                                                                                                                                 |



|                         | <ul> <li>NOTE 33: A typical solution that supports the consistency between hardware detailed design and hardware architecture is to draw frames around those hardware parts in the schematic that represent a hardware component.</li> <li>NOTE 34: Ensure safety requirements are considered in hardware architecture. [ISO 26262-5:2018 clause 7.4.1.1]</li> <li>HWE.2.BP9: Communicate all information needed to relevant parties. Communicate the hardware architecture and hardware detailed design and all updates of hardware architecture and hardware detailed design to all relevant parties. Provide relevant production data and special characteristics to the affected parties. [OUTCOME 7, 8, 9, 10]</li> <li>NOTE 35: Interface definitions (e.g. the hardware software interface or interfaces to mechanical elements) might be impacted by hardware architecture and hardware design adaptations. Refer to Automotive SPICE® SYS.3 and SUP.10, respectively. [ISO 26262-5:2018 clause 6.4.10]</li> </ul> |  |  |
|-------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--|--|
|                         | NOTE 36: If hazards are identified by the hardware design not yet reflected<br>in the hazard analysis and risk assessment, they need to be communicated<br>to all relevant parties.<br>[ISO 26262-5:2018 clause 7.4.3.6]                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |  |  |
|                         | NOTE 37: Production data typically includes the bill of materials (BOM), GERBER data, placement data, mask data (GDS2), and input to e.g. ICT, AOI, AXI, EOL, wafer- or package level test.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                |  |  |
|                         | NOTE 38: Information for EOL test might include loads to be used.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          |  |  |
|                         | NOTE 39: Production processes are not in the scope of this HWE PRM/PAM.<br>See Rationale 1 – No Production Process                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         |  |  |
| Output work<br>products | 04-HW01 Hardware architecture $\rightarrow$ [OUTCOME 1, 2, 3, 4]<br>04-HW02 Hardware detailed design description $\rightarrow$ [OUTCOME 1, 3, 4, 5]<br>04-HW03 Schematics $\rightarrow$ [OUTCOME 1, 3]<br>04-HW04 Bill of materials $\rightarrow$ [OUTCOME 1, 7]<br>04-HW05 Layout $\rightarrow$ [OUTCOME 1]<br>11-HW01 Hardware production data $\rightarrow$ [OUTCOME 7, 8]<br>11-HW02 Special characteristics [OUTCOME 9]<br>13-04 Communication record $\rightarrow$ [OUTCOME 7, 8, 9, 10]<br>13-19 Review record $\rightarrow$ [OUTCOME 6]<br>13-22 Traceability record $\rightarrow$ [OUTCOME 6]<br>15-01 Analysis report $\rightarrow$ [OUTCOME 5]<br>17-08 Interface requirement specification $\rightarrow$ [OUTCOME 3]                                                                                                                                                                                                                                                                                           |  |  |

# **Rating Rules**

**[HWE.2.RL.1]** If manufacturability is not evaluated in the context of the indicator BP6, then PA 1.1 shall be downrated.

**[HWE.2.RL.2]** If the allocation of the hardware requirements to elements of the hardware architecture HWE.2.BP5 is downrated, the indicator BP8 shall be downrated.

# **Rating Recommendations**

IMPORTANT: the applicability of RCs depends on

- the assessment scope, e.g. 'Process-Related Product Risk' (see [20] clause 1.2.1)
- the process context, e.g. 'Category B Entire Product/Delivery' (see [20] clause 1.2.3)

NOTE: see clause 3.11.1 for a text pattern change

**[HWE.2.RC.1]** If HWE.1.PA.1.1 is downrated, this should be in-line with the rating of the indicator BP1.

# 4.3 HWE.3 – Verification against Hardware Design

Refer to rationales in clause 3.5.

| Process ID          | HWE.3                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               |  |
|---------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--|
| Process name        | Verification against Hardware Design                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                |  |
| Process purpose     | The purpose of the Verification against Hardware Design process is to<br>ensure that the hardware is verified to provide evidence for compliance<br>with the hardware design.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       |  |
| Process<br>outcomes | <ul> <li>As a result of successful implementation of this process:</li> <li>1) A strategy for the verification against hardware design is defined, including a regression strategy consistent with the project plan and release plan, as well as suitable measurement and verification equipment.</li> <li>2) A verification specification is developed according to the strategy for the verification against hardware design that is suitable to provide evidence for compliance with the hardware design.</li> <li>3) Hardware design-compliant samples are received according to the strategy for the verification against hardware design.</li> <li>4) Verification measures included in the specification are selected according to the verification strategy and the release plan.</li> <li>5) Verification is performed using the selected verification measures, and verification results are recorded.</li> <li>6) Consistency and bidirectional traceability are established between hardware elements and verification measures; bidirectional traceability is established between verification measures and verification results.</li> <li>7) Verification results are summarised and communicated to all affected parties.</li> </ul> |  |
| Base practices      | HWE.3.BP1: Develop a strategy for the verification against<br>hardware design. Develop a strategy for the verification against<br>hardware design including<br>a) a definition of the verification scope [ISO 26262-8:2018 clause<br>9.4.1.1 b)]<br>b) the identification of the hardware variants to be verified                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |  |



| c)                        | a definition of suitable measurement and verification equipment [ISO 26262-8:2018 clause 9.4.1.1 f)]                                                                                                                                                                                                |
|---------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| d)                        | a regression strategy for verifying the hardware [ISO 26262-8:2018 clause 9.4.1.1 i)]                                                                                                                                                                                                               |
| e)                        | a definition of the criteria to select verification measures including<br>- the coverage of new or changed requirements                                                                                                                                                                             |
|                           | - the coverage of change requests                                                                                                                                                                                                                                                                   |
|                           | <ul> <li>the coverage of changes to the device under test</li> <li>the consideration of dependencies, based on the analysis of</li> </ul>                                                                                                                                                           |
|                           | changes - the selection of appropriate verification measures for                                                                                                                                                                                                                                    |
| f)                        | regression verification<br>a definition of the methods for verification measure development                                                                                                                                                                                                         |
| ,                         | including criteria for selection [/SO 26262-8:2018 clause 9.4.1.1 c)]                                                                                                                                                                                                                               |
| g)                        | a definition of how specific requirements regarding verification<br>(e.g. test-specific stakeholder requirements) are covered                                                                                                                                                                       |
| h)<br>i)                  | required sequences of verification steps<br>an approach for the handling of failed verification [ISO 26262-                                                                                                                                                                                         |
| ,                         | 8:2018 clause 9.4.1.1 h)]                                                                                                                                                                                                                                                                           |
| j)<br>[Outc               | an approach for verification measure data handling ome 1]                                                                                                                                                                                                                                           |
|                           | TE 1: The reason for the existence of aspects a) to j) is given in clause 2<br>No separate guideline document'.                                                                                                                                                                                     |
|                           | TE 2: Hardware design includes hardware architecture and hardware ailed design.                                                                                                                                                                                                                     |
| inte                      | TE 3: If HW parts are used, which are not or not yet qualified for the nded use, the HW design verification strategy should include the fication of the calculated or simulated results.                                                                                                            |
| dep                       | TE 4: The suitability of measurement and verification equipment may be<br>endent on e.g. the release stage such as the EMC measurement of early<br>aples intended to be done by non-certified labs.                                                                                                 |
|                           | TE 5: Suitability also addresses special test-software as test environment ning on the hardware.                                                                                                                                                                                                    |
|                           | <i>TE 6: For semiconductor development, the verification strategy should lain which verification activities</i>                                                                                                                                                                                     |
|                           | • are done in the context of design creation addressed by HWE.2 (i.e. pre-silicon verification)                                                                                                                                                                                                     |
|                           | • or otherwise are done at the post-silicon level addressed by HWE.3                                                                                                                                                                                                                                |
| hardw<br>define<br>provid | <b>3.BP2: Develop specification for the verification against</b><br><b>vare design.</b> Develop the verification specification according to the<br>d strategy. The verification specification shall be suitable to<br>e evidence for compliance of the hardware with the hardware<br>h. [Outcome 2] |
|                           | TE 7: This typically includes pass/fail criteria for each verification asure.                                                                                                                                                                                                                       |
| NO                        | TE 8: Measuring points can be used for stepwise testing of hardware ns.                                                                                                                                                                                                                             |
| soft<br>testi<br>for t    | TE 9: The objective is to verify the sole hardware, i.e. without ware/mechanical functionality. Further, hardware-software-interface ing is a system architectural design concern outside HWE.3. However, the purpose of HWE.3 software/mechanical elements might be needed a test environment.     |

NOTE 10: The requirement of using HW parts in the HW design which meet certain characteristics defined e.g. in standards such as AEC-Q ('prequalification') does not necessarily provide evidence that the hardware is compliant with the design in the context of HWE.3. [ISO 26262-5:2018 clause 10.4.3]

NOTE 11: In the case of safety-related development, additional safety-related test cases should be determined by using results of the safety analysis including faults and failure mode information [ISO 26262-9:2018, clause 8.4.7], see also HWE.2.BP6 Notes 23 and 24.

NOTE 12: In case of safety-related development, 'dedicated measures' might need to be considered such as burn-in tests [ISO 26262-5:2018 clause 9.4.1.2 NOTE 2]

**HWE.3.BP3: Ensure use of compliant samples.** Ensure that the samples used for verification against hardware design are compliant with the corresponding production data, including special characteristics. [Outcome 3]

NOTE 13: Received evidence can be e.g. sample reports, record of visual inspection, ICT report.

NOTE 14: Bill of materials-compliance alone does not automatically mean full production data compliance, i.e. design compliance.

NOTE 15: Parties from which samples are obtained can be production, prototype and sample construction/workshops, or build2print-suppliers.

NOTE 16: A produced hardware may have imperfections which can be identified e.g. by means of visual or X-ray inspections, such as footprint/pitch error, incorrect locations of HW parts etc.

NOTE 17: If samples have deviations, or need to be reworked or modified, this information needs to be recorded.

NOTE 18: Production processes themselves are not in the scope of HWE PRM/PAM; the assumption is that the production process itself is done correctly; for the purpose of getting correct samples, only process interfaces to the production processes are in scope. See clause 3.2 for a detailed rationale.

**HWE.3.BP4: Select verification measures.** Select verification measures from the verification specification according to the defined strategy. The selection of verification measures shall

- a) have sufficient coverage according to the strategy for the verification against hardware design and the release plan
- b) consider the intended use of the deliverable item (e.g. for EMV testing, for supporting software testing)
- c) be implemented according to the selection criteria (as defined in the strategy)
- d) be adequately documented
- e) list the adopted criteria

[OUTCOME 4]

NOTE 19: Criteria for selection may be e.g.

- maturity of a requirements implementation
- regression strategy
- prioritisation of requirements

|                         | HWE.3.BP5: Verify hardware design. Verify the hardware design using<br>the selected verification measures according to the defined strategy.<br>Record the verification results including pass/fail status and<br>corresponding verification measure data. [Outcome 5]<br>NOTE 20: See Automotive SPICE® SUP.9 for handling of non-<br>conformances.<br>NOTE 21: Results could support the update of simulation models. |  |  |
|-------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--|--|
|                         | <b>HWE.3.BP6: Establish bidirectional traceability.</b> Establish bidirectional traceability between the hardware elements and verification measures. Establish bidirectional traceability between the verification measures and verification results. [Outcome 6]<br>NOTE 22: Bidirectional traceability supports coverage, consistency and impact analysis.                                                           |  |  |
|                         | <b>HWE.3.BP7: Ensure consistency.</b> Ensure consistency between hardware elements and the verification measures. [Outcome 6] <i>NOTE 23: Consistency is supported by bidirectional traceability and can be demonstrated by review records.</i>                                                                                                                                                                         |  |  |
|                         | HWE.3.BP8: Summarise and communicate results. Summarise the verification results and communicate them to all affected parties. [Outcome 7]<br>NOTE 24: In the case large amounts of verification data is generated (e.g. automated tests) then a meaningful summary of the verification data as adequate evidence for each verification result can be provided.                                                         |  |  |
| Output work<br>products | 08-HW01 Verification plan $\rightarrow$ [OUTCOME 1]<br>08-HW02 Verification specification $\rightarrow$ [OUTCOME 2, 4]<br>13-01 Acceptance record $\rightarrow$ [OUTCOME 3]<br>13-04 Communication record $\rightarrow$ [OUTCOME 7]<br>13-19 Review record $\rightarrow$ [OUTCOME 6]<br>13-22 Traceability record $\rightarrow$ [OUTCOME 6]<br>13-HW01 Verification result $\rightarrow$ [OUTCOME 5, 7]                 |  |  |

# Rating Rules

**[HWE.3.RL.1]** If the strategy for verification against hardware design does not cover all aspects in BP1, the indicator BP1 must not be rated F.

**[HWE.3.RL.2]** If the test implementation using automation does not cover the following aspect, the indicator BP5 must not be rated F:

Correctness, completeness, and consistency of test scripts and test programs with respect to the test cases assigned to an automated test in the verification specification.

**[HWE.3.RL.3]** If the verification results contain only a pure passed/failed information without supporting verification measure data, the indicator BP5 must not be rated higher than P.

# **Rating Recommendations**

No rating recommendations.

# 4.4 HWE.4 – Verification against Hardware Requirements

Refer to rationales in clause 3.5.

| Process ID          | HWE.4                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        |  |
|---------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--|
| Process name        | Verification against Hardware Requirements                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |  |
| Process purpose     | The purpose of the Verification against Hardware Requirements process<br>is to ensure that the complete hardware is verified to provide evidence<br>for compliance with the hardware requirements.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           |  |
| Process<br>outcomes | <ul> <li>As a result of successful implementation of this process:</li> <li>1) A strategy for verification against hardware requirements including regression strategy consistent with the project plan and release plan is developed, and suitability of measurement and verification equipment is ensured.</li> <li>2) A specification for verifying the hardware according to the strategy for verification against hardware requirements is developed that is suitable to provide evidence for compliance with the hardware requirements.</li> <li>3) Hardware design-compliant samples are received according to the strategy for verification against hardware.</li> <li>4) Verification measures included in the verification specification are selected according to the verification strategy and the release plan.</li> <li>5) The hardware is verified using the selected verification measures and the results of hardware requirements verifications are recorded.</li> <li>6) Consistency and bidirectional traceability are established between verification measures and hardware requirements; bidirectional traceability is established between verification results.</li> <li>7) Verification results are summarised and communicated to all affected parties.</li> </ul> |  |
| Base practices      | <ul> <li>HWE.4.BP1: Develop a strategy for the verification against hardware requirements. Develop a strategy for the verification against hardware requirements consistent with the project plan and the release plan including <ul> <li>a) a definition of the verification scope [ISO 26262-8:2018 clause 9.4.1.1 b)]</li> <li>b) identification of the hardware variants to be verified</li> <li>c) definition of suitable measurement and verification equipment [ISO 26262-8:2018 clause 9.4.1.1 f)]</li> <li>d) a regression strategy for verifying the hardware [ISO 26262-8:2018 clause 9.4.1.1 f)]</li> <li>e) a definition of the criteria to select verification measures including <ul> <li>the coverage of new or changed requirements</li> <li>the coverage of change requests</li> <li>the coverage of changes to the device under test</li> </ul> </li> </ul></li></ul>                                                                                                                                                                                                                                                                                                                                                                                                     |  |

| change                                                                                                       | onsideration of dependencies, based on the analysis of s<br>s<br>selection of appropriate verification measures for                                                                                                                                                                                                                                                                                                                                                          |
|--------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| f) a definition<br>including<br>g) a definition<br>(e.g. test-<br>h) required s<br>i) an appro<br>8:2018 cla | selection of appropriate vernication measures for<br>tion verification<br>on of the methods for verification measure development<br>criteria for selection [ISO 26262-8:2018 clause 9.4.1.1 c)]<br>on of how specific requirements regarding verification<br>especific stakeholder requirements) are covered<br>sequences of verification steps<br>ach for the handling of failed verification [ISO 26262-<br>tuse 9.4.1.1 h)]<br>ach for verification measure data handling |
|                                                                                                              | eason for the existence of aspects a) to j) is given in clause 2 guideline document'.                                                                                                                                                                                                                                                                                                                                                                                        |
|                                                                                                              | vare regression verification means verifying that a hardware<br>not been changed, is not influenced by a change of another                                                                                                                                                                                                                                                                                                                                                   |
|                                                                                                              | defined number of verification measures to be repeated on<br>th be defined in the regression strategy as well, e.g. all safety<br>ses.                                                                                                                                                                                                                                                                                                                                       |
| software/mecha<br>elements, or su                                                                            | bjective is to verify discrete hardware functionality, i.e. without<br>anical functionality. However, for that purpose mechanical<br>uitable special test-software running on the hardware, might<br>the verification environment.                                                                                                                                                                                                                                           |
| dependent on e                                                                                               | uitability of measurement and verification equipment may be .g. the release stage such as the EMC measurement of early ed to be done by non-certified labs.                                                                                                                                                                                                                                                                                                                  |
|                                                                                                              | emiconductor development the strategy typically covers both<br>Silicon verification against hardware requirements.                                                                                                                                                                                                                                                                                                                                                           |
| hardware requ<br>according to the<br>a) be suitab<br>with the h<br>b) include a                              | <b>Evelop specification for the verification against</b><br><b>uirements.</b> Develop the verification specification<br>defined strategy. The verification specification shall<br>le to provide evidence for compliance of the hardware<br>hardware requirements<br>definition of entry and exit criteria for the verification                                                                                                                                               |
| [OUTCOME 2]                                                                                                  | typically includes pass/fail criteria for each verification                                                                                                                                                                                                                                                                                                                                                                                                                  |
| more 7. measure.                                                                                             | ניטריאנין וויטעעשי אַמאָזיזמו טוונפוומ וטו פמטו עפווועמווטוו                                                                                                                                                                                                                                                                                                                                                                                                                 |
| hardware agair                                                                                               | safety-related aspects the durability and robustness of<br>ost environmental and operational stress factors should be<br>262-5:2018 clause 10.4.6]                                                                                                                                                                                                                                                                                                                           |
| verification mea<br>analysis includi                                                                         | case of safety-related development, additional safety-related<br>asures should be determined by using results of the safety<br>ing faults and failure mode information [ISO 26262-9:2018,<br>ee also HWE.2.BP6 Note 22                                                                                                                                                                                                                                                       |
|                                                                                                              | <b>nsure use of compliant samples.</b> Ensure that the or the verification against hardware requirements are                                                                                                                                                                                                                                                                                                                                                                 |

| compliant with the corresponding production data, including special characteristics, provided by hardware design. [OUTCOME 3]<br>NOTE 10: Received evidence can be e.g. sample reports, record of visual                                                                                                                                                                                                                                        |
|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| inspection, ICT report.                                                                                                                                                                                                                                                                                                                                                                                                                         |
| NOTE 11: Bill of materials-compliance alone does not automatically mean full production data compliance.                                                                                                                                                                                                                                                                                                                                        |
| NOTE 12: The party from which samples are obtained can be production, prototype and sample construction or build2print-suppliers.                                                                                                                                                                                                                                                                                                               |
| NOTE 13: If samples have deviations, or need to be reworked or modified, this information needs to be documented.                                                                                                                                                                                                                                                                                                                               |
| NOTE 14: Production processes themselves are not in the scope of HWE PRM/PAM; the assumption is that the production process itself is done correctly; for the purpose of getting correct samples, only process interfaces to the production processes are in scope.                                                                                                                                                                             |
| <b>HWE.4.BP4:</b> Select verification measures. Select verification measures from the verification specification according to the defined                                                                                                                                                                                                                                                                                                       |
| <ul> <li>strategy. The selection of verification measures shall</li> <li>a) have sufficient coverage according to the strategy for the verification against hardware requirements and the release plan</li> <li>b) consider the intended use of the deliverable item (e.g. for EMV testing, for supporting software testing)</li> <li>c) document the used selection criteria (as defined in the strategy)</li> <li>d) be documented</li> </ul> |
| <ul> <li>NOTE 15: Criteria for selection may be e.g.</li> <li>maturity of implementation of requirements</li> <li>regression strategy</li> </ul>                                                                                                                                                                                                                                                                                                |
| • prioritisation of requirements<br>NOTE 16: Calculations and simulations are considered hardware design<br>evaluation activities, see HWE.2 BP6                                                                                                                                                                                                                                                                                                |
| <b>HWE.4.BP5: Verify hardware.</b> Verify the hardware using the selected verification measures according to the defined strategy. Record the verification results including pass/fail status and corresponding verification measure data. [OUTCOME 5]                                                                                                                                                                                          |
| NOTE 17: See Automotive SPICE <sup>®</sup> SUP.9 for handling of non-conformances                                                                                                                                                                                                                                                                                                                                                               |
| <b>HWE.4.BP6: Establish bidirectional traceability.</b> Establish bidirectional traceability between hardware requirements and verification measures. Establish bidirectional traceability between verification measures and verification results. [OUTCOME 6]<br>NOTE 18: Bidirectional traceability supports coverage, consistency and                                                                                                        |
| impact analysis.                                                                                                                                                                                                                                                                                                                                                                                                                                |
| <b>HWE.4.BP7: Ensure consistency.</b> Ensure consistency between hardware requirements and verification measures. [OUTCOME 6]<br>NOTE 19: Consistency is supported by bidirectional traceability and can be demonstrated by review records.                                                                                                                                                                                                     |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                 |

|                         | HWE.4.BP8: Summarise and communicate results. Summarise the verification results and communicate them to all affected parties.         [OUTCOME 7]         NOTE 20: Providing all necessary information from the verification measures in a summary supports other parties in taking appropriate measures.         NOTE 21: In the case large amounts of verification data may be generated (e.g. automated tests) then a meaningful summary of the verification data as adequate evidence for each verification result can be provided. |  |
|-------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--|
| Output work<br>products | 08-HW01 Verification plan → [OUTCOME 1]<br>08-HW02 Verification specification → [OUTCOME 2, 4]<br>13-01 Acceptance record → [OUTCOME 3]<br>13-04 Communication record → [OUTCOME 7]<br>13-19 Review record → [OUTCOME 6]<br>13-22 Traceability record → [OUTCOME 6]<br>13-HW01 Verification result → [OUTCOME 5, 7]                                                                                                                                                                                                                      |  |

# **Rating Rules**

**[HWE.4.RL.1]** If the strategy for verification against hardware requirements does not cover all aspects in BP1, the indicator BP1 must not be rated F.

**[HWE.4.RL.2]** If the test implementation using automation does not cover the following aspect, the indicator BP5 must not be rated F:

■ Correctness, completeness, and consistency of test scripts and test programs with respect to the test cases assigned to an automated test in the verification specification.

**[HWE.4.RL.3]** If the verification results contain only a pure pass/fail information without supporting verification measure data, the indicator BP5 must not be rated higher than P.

# Rating Recommendations

No rating recommendations.

# 5 **Process Capability Levels and Process Attributes**

The entire Capability Dimension of Automotive SPICE® v3.1 applies. The Capability Level and Process Attribute definitions in Automotive SPICE® [19] are the ones defined in ISO/IEC 33020 [5].

# Annex A Work Product Characteristics (WPC)

## Annex A.1 Motivation

Work product characteristics (WPC)

- Refine the work product indicators (WP) in clause 4. WP are alternative process performance indicators to base practices provided by the PAM the assessor can use.
- Can be used when reviewing potential outputs of process implementation. The characteristics are provided as guidance for the attributes to look for, in a particular sample work product, to provide objective evidence supporting the assessment of a particular process.

In this respect,

- WPC are meant to offer a good practice and state-of-the-art knowledge guide and information source for the assessor to be quickly accessible during an assessment
- WPs and WPCs represent an example structure only. Consequently, they are neither a 'strict must', nor are they normative for organisations. Instead, the actual structure, form and content of concrete work products and documents for the implemented processes must be defined by the project and organisation, respectively:
  - The project and/or organisation may call these work products by different names.
  - The name of the work product in the organisation are not significant.
  - Organisations and projects may have several equivalent work products which contain the characteristics defined in one work product type.
  - The formats for the work products can vary.

It is up to the assessor and the organisational unit coordinator to map the actual work products produced in their organisation to the examples given here.

# Annex A.2 WPC in this Document

WPs mentioned in clause 4 but not listed in this annex refer to those defined in Automotive SPICE® [19]. Thus, this annex only defines those WPC that are newly introduced in this HWE PRM/PAM. These carry the suffix 'HW'.

This means that, also, work products in Automotive SPICE® with the ID NN-00 apply here; they denote are sets of characteristics that would be expected to be evident in work products of generic types as a result of achievement of a Process Attribute at a Capability Level higher than 1.

| WP ID<br>An identifier<br>number | WP Name<br>Example of a typical type<br>or name | WP Characteristics<br>Examples of the potential characteristics                                                |
|----------------------------------|-------------------------------------------------|----------------------------------------------------------------------------------------------------------------|
| 04-HW01                          | Hardware architecture                           | <ul><li>Describes the overall hardware structure</li><li>Identifies the required hardware components</li></ul> |

Table A-1 — HWE PRM/PAM-related Work Product Characteristics



|         |                                      | <ul> <li>Includes the rationale for chosen options of hardware architecture</li> <li>Identifies own developed and supplied hardware components</li> <li>Identifies the required internal and external hardware component interfaces</li> <li>Specifies the interfaces of the hardware components</li> <li>Specifies the dynamic behaviour</li> <li>Identifies the relationship and dependency between hardware components</li> <li>Describes all hardware variants to be developed</li> <li>Describes power supply, thermal and grounding concepts</li> </ul>                                                                                                                                                                                                                                                                                                                         |
|---------|--------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 04-HW02 | Hardware detailed design description | <ul> <li>Describes the interconnections between the hardware parts</li> <li>Specifies the interfaces of the hardware parts</li> <li>Specifies the dynamic behaviour</li> <li>Describes the conclusions and decisions based on e.g. analysis reports, datasheets, application notes</li> <li>Describes the constraints for layout</li> </ul>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           |
| 04-HW03 | Schematics                           | <ul> <li>Identifies the hardware parts</li> <li>Specifies the connections of the hardware parts</li> <li>Specifies the unique identification of all hardware parts</li> <li>Specifies unique variant identification</li> </ul>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        |
| 04-HW04 | Bill of materials                    | Uniquely identifies type, supplier, and amount of the complete set of all hardware parts of the hardware                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              |
| 04-HW05 | Layout                               | <ul> <li>Specifies the placement of the hardware parts and labels</li> <li>Specifies manufacturing data e.g. circuit paths (width, routing), vias, testing points, number of layers, drillings, material of the PCB, shape, soldering resist mask, PCB coating</li> <li>Specifies a unique layout identification</li> </ul>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           |
| 08-HW01 | Verification plan                    | <ul> <li>Context:         <ul> <li>project/verification sub-process</li> <li>verification item(s)</li> <li>verification scope</li> <li>assumptions and constraints</li> <li>stakeholder</li> <li>verification communication</li> </ul> </li> <li>Verification strategy:         <ul> <li>identification of the work product under verification</li> <li>identification of the hardware variants to be verified</li> <li>definition of suitable measurement and verification equipment</li> <li>methods for verification measure development including criteria for selection</li> <li>verification techniques and tools</li> <li>definition of how requirements regarding verification are covered</li> <li>sequences of verification steps</li> <li>approach for the handling of failed verification</li> <li>approach for verification measure data handling</li> </ul> </li> </ul> |



|         |                                     | <ul> <li>identifies any constraints/risks and how these will<br/>be addressed</li> <li>verification exit criteria</li> <li>verification start, abort and re-start criteria</li> <li>regression test strategy</li> <li>Test environment requirements</li> <li>Verification deliverables</li> </ul>                                                                                                                                                                                                                                                                                                        |
|---------|-------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 08-HW02 | Verification specification          | <ul> <li>Verification Measure Specification</li> <li>Verification Procedure Specification</li> <li>Identification of verification measures for regression testing</li> </ul>                                                                                                                                                                                                                                                                                                                                                                                                                             |
| 11-HW01 | Hardware production<br>data         | <ul> <li>Consists of bill of materials</li> <li>Consists of layout e.g. GERBER data</li> <li>Specifies requirements for EOL test e.g.         <ul> <li>Test type (AOI, ICT, boundary scan)</li> <li>Test coverage</li> <li>Acceptance criteria</li> </ul> </li> </ul>                                                                                                                                                                                                                                                                                                                                    |
| 11-HW02 | Special characteristics             | Special characteristics in terms of relevant standards such<br>as IATF 16949, VDA 6.x Guidelines, ISO 26262.<br>Special Characteristics according to IATF 16949:2016-10<br>[15], Chapters 8.3.3.3, are product characteristics or<br>production process parameters that may have an impact<br>on safety or compliance with official regulations, the fit, the<br>function, the performance or further processing of the<br>product.<br>Note: Special characteristics shall be verifiable according<br>to VDA vol. 1<br>Note: A proper method to identify and rate special<br>characteristics is an FMEA. |
| 13-HW01 | Verification result                 | <ul> <li>Verification Log</li> <li>Anomaly Report</li> <li>Verification Report (Summary):         <ul> <li>verification measures not passed</li> <li>verification measures not executed</li> <li>information regarding the verification execution (date, etc.)</li> </ul> </li> </ul>                                                                                                                                                                                                                                                                                                                    |
| 17-HW01 | Hardware requirements specification | Identifies standards to be fulfilled Note: for further guidance refer to the notes for HWE.1.BP1                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         |

# Annex B Conformity of the HWE PRM/PAM

## Annex B.1 Introduction

HWE PRM/PAM is compliant to the requirements for conformance defined in ISO/IEC 33004 [4]. The PAM can be used in the performance of assessments that meet the requirements of ISO/IEC 33002 [2].

This clause serves as the statement of conformance of the process assessment and PRMs to the requirements defined in ISO/IEC 33004 [4], clauses 5.5 and 6.4.

Due to copyright reasons each requirement is only referred by its number. The full text of the requirements can be drawn from ISO/IEC 33004 [4].

# Annex B.2 Conformance to the requirements for PRMs

#### Clause 5.3, 'Requirements for PRMs'

The following information is provided in Section 2 of this document:

- The declaration of the domain of this PRM/PAM document.
- The description of the relationship between this PRM/PAM document and its intended context of use.
- The description of the relationship between the processes defined within this PRM/PAM.

The descriptions of the processes within the scope of this PRM/PAM document fulfilling the requirements of ISO/IEC 33004 clause 5.3 is provided in Section 4 of this PRM/PAM document. [ISO/IEC 33004 [4], 5.3.1]

The relevant communities of interest and their mode of use and the consensus achieved for this HWE PRM is documented in the copyright notice (Section 1.3) and the scope of this document (Section 2.2). [ISO/IEC 33004 [4], clause 5.3.2]

The process descriptions are unique. The identification is provided by unique names and by the identifier of each process of this document, see Section 4 of this document. [ISO/IEC 33004 [4], clause 5.3.3]

#### Clause 5.4, 'Process descriptions'

These requirements are met by the process descriptions Section 4 of this PRM/PAM document. [ISO/IEC 33004 [4], clause 5.4].

## Annex B.3 Conformance to the requirements for PAMs

#### Clause 6.1, 'Introduction'

The purpose of this PAM is to support assessment of process capability within the automotive domain using the process measurement framework defined in ISO/IEC 33020 [5]. [ISO/IEC 33004 [4], 6.1]

## Clause 6.2, 'PAM scope'

The process scope of this PAM is defined in the PRM included in Section 4 of this document. The PRM in this document is satisfying the requirements of ISO/IEC 33004 [4], clause 5 as described in Annex A.2. The process capability scope of this PAM is defined in the process measurement framework specified in Automotive SPICE® [19], which is conformant with the process measurement framework in ISO/IEC 33020 that is satisfying the requirements of ISO/IEC 33003. [ISO/IEC 33004 [4], clause 6.2].

#### Clause 6.3, 'Requirements for PAMs'

The PAM in this document is related to process capability. [ISO/IEC 33004 [4], clause 6.3.1]

This PAM incorporates the process measurement framework specified in Automotive SPICE<sup>®</sup> [19], which is conformant with the process measurement framework in ISO/IEC 33020 that is satisfying the requirements of ISO/IEC 33003 [3]. [ISO/IEC 33004 [4], clause 6.3.2]

This PAM is based on the PRM included in clause 4 in this document. This PAM is further based on the process measurement framework specified in Automotive SPICE<sup>®</sup> [19], which is conformant with the process measurement framework in ISO/IEC 33020 [5] that is satisfying the requirements of ISO/IEC 33003 [3]. [ISO/IEC 33004 [4], clause 6.3.3]

The processes included in this PAM are identical to those specified in the PRM. [ISO/IEC 33004, 6.3.4]

For all processes in this PAM all levels defined in the process measurement framework from ISO/IEC 33020 are addressed. This is done via adopting the process measurement framework specified in Automotive SPICE<sup>®</sup> [19], which is conformant with the process measurement framework in ISO/IEC 33020 that is satisfying the requirements of ISO/IEC 33003 [3]. [ISO/IEC 33004 [4], clause 6.3.5]

This PAM defines

- the selected process quality characteristic
- the selected process measurement framework
- the selected PRM
- the selected processes from the PRM

#### [ISO/IEC 33004 [4], clause 6.3.5 a-d]

In the capability dimension, this PAM addresses all of the Process Attributes and Capability Levels defined in the process measurement framework in ISO/IEC 33020 [5]. This is done via adopting the process measurement framework specified in Automotive SPICE<sup>®</sup> [19], which is conformant with the process measurement framework in ISO/IEC 33020 [5] that is satisfying the requirements of ISO/IEC 33003 [3]. [ISO/IEC 33004 [4], clause 6.3.5 e]

#### Clause 6.3.8, 'Assessment indicators'

The PAM in this document provides a two-dimensional view of process capability for the processes in the PRM, through the inclusion of assessment indicators as defined in clause 4. The assessment indicators used are:

- Base Practices and output Work Products [ISO/IEC 33004 [4], clause 6.3.8 a, 'Assessment indicators']
- Generic Practices [ISO/IEC 33004 [4], clause 6.3.8 b, 'Assessment indicators']

## Clause 6.3.9, 'Mapping PAMs to PRMs'

The mapping of the assessment indicators to the purpose and process outcomes of the processes in the PRM is included in each description of the Base Practices in Section 4. The mapping of the



assessment indicators to the Process Attributes in the process measurement framework including all of the Process Attribute achievements is included in each description of the Generic Practices in process measurement framework specified in Automotive SPICE<sup>®</sup> [19], which is conformant with the process measurement framework in ISO/IEC 33020 [5] that is satisfying the requirements of ISO/IEC 33003 [3]. Each mapping is indicated by a reference in square brackets. [ISO/IEC 33004 [4], clause 6.3.2, 'Mapping PAMs']

#### clause 6.3.10, 'Expression of assessment results'

The Process Attribute s and the Process Attribute ratings in this PAM are identical to those defined in the measurement framework of Automotive SPICE<sup>®</sup> [19]. As a consequence, results of assessments based upon this PAM are expressed directly as a set of Process Attribute ratings for each process within the scope of the assessment. No form of translation or conversion is required. [ISO/IEC 33004 [4], clause 6.3.3, 'Expression of assessment results'].

# Annex C Proposals for Automotive SPICE<sup>®</sup>

Before v3.0, Automotive SPICE® [19] was a software-centric model, the system-level processes of which therefore were typically considered as addressing the ECU level.

Since v3.0 Automotive SPICE® has been restructured to form a plug-in approach, i.e. under the SYS processes, and beneath the SWE processes, other PRM/PAM subdomains can be placed such as electric/electronical and mechanical hardware. Therefore, the Automotive SPICE® SYS.x processes can now represent both ECU and mechatronic level as needed by the assessment scope. When assessing both an ECU level and a mechatronic level in the same assessment, then each level could receive its own SYS.x process instances (see Figure 5 in clause 3.1).

However, the current SYS processes (and others such as MAN.3 and SPL.2) have not been sufficiently revised in order to be able to fully address a mechatronic system.

The reasons are the VDA

- did not put on the agenda the definition of HWE and MEE processes
- could not foresee the mechanical and hardware domain-specific needs and aspects to be reflected in the SYS processes.

Below, change requests are suggested to help moving particular Automotive SPICE® processes to a full mechatronic direction in order to be able to correctly subsume the hardware, mechanical, and software sub-domains. Solution proposals are given in *red text colour, and in italics*.

## Annex C.1 MAN.3 Project Management

#### MAN.3 BP5 Change Request and Rationale

Automotive SPICE® MAN.3 BP5 should explicitly mention hardware and mechanical samples to be provided.

#### Possible solution

'MAN.3.BP5: Define, monitor and adjust project estimates and resources. Define, monitor and adjust project estimates of effort and resources based on project's goals, project risks, motivation and boundaries. [OUTCOME 2, 3, 7]

NOTE 4: Appropriate estimation methods should be used.

NOTE 5: Examples of necessary resources are people, infrastructure (such as tools, test equipment, communication mechanisms...) and *mechanical and hardware samples, and* materials *for e.g. stakeholder needs and own development and testing purposes.* 

NOTE 6: Project risks (using MAN.5) and quality criteria (using SUP.1) may be considered.

NOTE 7: Estimations and resources typically include engineering, management and supporting processes.

## Annex C.2 SYS.2 System Requirements Analysis

### SYS.2 BP1 Change Request and Rationale

Automotive SPICE® SYS.2 should note that for hardware and mechanical development system properties should be considered such as mounting, thermal requirements, heat

dissipation aspects, and requirements for external interfaces (internal interfaces are considered in SYS.3, see clause 3.6).

#### Possible solution

'SYS.2.BP1: Specify system requirements. Use the stakeholder requirements and changes to the stakeholder requirements to identify the required functions, properties and capabilities of the system. Specify functional and non-functional system requirements in a system requirements specification. [OUTCOME 1, 5, 7]

NOTE 1: Application parameter influencing functions and capabilities are part of the system requirements.

NOTE 2: For changes to the stakeholder's requirements SUP.10 applies.

NOTE X: Examples for properties of a system are:

- Thermal characteristics such as heat dissipation
- Dimensions
- Weight
- Materials

NOTE Y: System requirements may include specific requirements regarding external interfaces such as connectors or housing.'

#### Annex C.3 SYS.3 System Architectural Design

#### SYS.3 BP3 Change Request and Rationale

In SYS.3 BP3 interface definition between all sub-domains of the system and external interfaces of the system should to be considered in SYS.3.

#### Possible solution

'SYS.3.BP3: Define interfaces of system elements. Identify, develop and document the interfaces of each system element. [OUTCOME 3]

NOTE X: Interfaces of system elements may include:

- hardware-software-interfaces (HSI)
- hardware-mechanical-interfaces (e.g. a cable that satisfies both mechanical and electrical requirements, housing interface to a PCB)
- interconnection technology such as connectors
- creepage and clearance distances

NOTE Y: The definition of the interfaces may include:

- pin configurations
- shape
- tolerances
- placement'

#### SYS.3 BP4 Change Request and Rationale

In SYS.3 BP4 expand on examples how dynamic behaviour can be interpreted for hardware and mechanical development.

#### Possible solution

'SYS.3.BP4: Describe dynamic behaviour. Evaluate and document the dynamic behaviour of the interaction between system elements. [OUTCOME 4]

NOTE 2: Dynamic behaviour is determined by operating modes (e.g. start-up, shutdown, normal mode, calibration, diagnosis, etc.).

NOTE X: Timing of interactions of system elements should be considered, e.g.

- inertia of mechanical components to be reflected by the ECU
- signal propagation and processing time through the hardware and software and e.g. bus systems'

#### SYS.3 BP5 Change Request and Rationale

During the evaluation of alternative system architectures hardware and mechanical aspects should further be also considered.

## Possible solution:

'SYS.3.BP5: Evaluate alternative system architectures. Define evaluation criteria for the architecture. Evaluate alternative system architectures according to the defined criteria. Record the rationale for the chosen system architecture. [OUTCOME 1]

NOTE 3: Evaluation criteria may include quality characteristics (modularity, maintainability, expandability, scalability, reliability, security realisation and usability) and results of make-buy-reuse analysis.

NOTE X: Evaluation criteria for system comprising hardware and mechanical elements may include aspects such as manufacturability, availability of mechanical and hardware parts etc.'

\_\_\_\_\_

#### SYS.3 BPx (new BP) Change Request and Rationale

A Base Practice is missing for evaluating a defined architecture regarding risks, testability and manufacturability, faults and failures. Add such a BP and a corresponding Process Outcome.

#### **Possible solution:**

'Process Outcomes:

• • •

n) The system architecture is evaluated

...

SYS.3 BPx: Analyse system architecture. Analyse the quantitative and qualitative aspects of the system architecture and evaluate them in terms of risks, manufacturability, and testability. [OUTCOME n]

NOTE X: For safety (comprising e.g. functional safety, electrical safety, safety of use) methods could be applied such as FMEA, FMECA, FTA, DFA.

NOTE Y: Examples for risk evaluation are

- prototype testing
- simulations such as Matlab/Simulink
- calculations such as WEIBULL, worst case analyses

NOTE W: Example for manufacturability are

- evidence for conformity with production constraints
- evidence of availability for all system elements
- appropriate knowledge of production technology and their availability

NOTE Z: Even in case of reuse of system elements, the suitability for the current application shall be evaluated.'

## Annex C.4 SYS.4 System Integration Testing

#### SYS.4 BP3 Change Request and Rationale

Note 1 and 2 should be extended to cover other types of interfaces, and testing objectives, that are relevant to hardware and mechanical development: hardware-software-interfaces (such as connector pin configurations), mechanical-hardware interfaces (such as mechanical dimensioning, positioning of connectors, positioning of a hall sensor in relation to the busbar, tolerances), and mechanical interfaces (e.g. tolerances, shape), Thermal/environmental testing, lifetime/robustness testing, and EMC testing, testing of interaction between hardware and software, e.g. floating IOs for  $\mu$ Cs/MOSFETs etc.

#### Possible solution

'SYS.4.BP3: Develop specification for system integration test. Develop the test specification for system integration test including the test cases for each integration step of a system item according to the system integration test strategy. The test specification shall be suitable to provide evidence for compliance of the integrated system items with the system architectural design. [OUTCOME 3]

NOTE 1: The interface descriptions between system elements are an input for the system integration test cases. This includes e.g. hardware-software-interfaces (such as connector pin configurations), mechanical-hardware interfaces (such as mechanical dimensioning, positioning of connectors, positioning of a hall sensor in relation to the bus-bar, tolerances), and mechanical interfaces (e.g. tolerances, shape).

NOTE 2: Compliance to the architectural design means that the specified integration tests are suitable to prove that the interfaces between the system items fulfil the specification given by the system architectural design.

NOTE 3: The system integration test cases may focus on

- the correct signal flow between system items
- the timeliness and timing dependencies of signal flow between system items
- the correct interpretation of signals by all system items using an interface
- · the dynamic interaction between system items
- thermal/environmental testing, lifetime/robustness testing, and EMC testing (as hardware and the housing is necessary here)
- interactions between hardware and software, e.g. floating IOs for µCs/MOSFETs etc.

NOTE 4: The system integration test may be supported using simulation of the environment (e.g. Hardware-in-the-Loop simulation, vehicle network simulations, digital mock-up).'

# Annex C.5 SYS.5 System Qualification Testing

#### SYS.5 BP1 Change Request and Rationale

The scope of integration tests should be extended to cover the following aspects that are relevant to hardware and mechanical development: testing of thermal and environmental effects, robustness/lifetime testing, and EMC testing.

#### **Possible solution**

'SYS.5.BP1: Develop system qualification test strategy including regression test strategy. Develop a strategy for system qualification test consistent with the project plan and the release plan. This includes a regression test strategy for re-testing the integrated system if a system item is changed. [OUTCOME 1]

Note 1: The system qualification test strategy should cover testing aspects such as thermal, environmental, robustness/lifetime, and EMC.'

## Annex C.6 SWE.2 Software Architectural Design

#### SWE.2 BP3 Change Request and Rationale

In HWE PRM/PAM a note for HWE.2 indicates that the hardware-software-interface is a system-level design concern. A complementary note should be added to SWE.2 correspondingly.

#### Possible solution

'SWE.2.BP3: Define interfaces of software elements. Identify, develop and document the interfaces of each software element. [OUTCOME 3]

NOTE X: The hardware-software-interface (HSI) definition also relates to the hardware design. Refer to Automotive SPICE® SYS.3.'

## Annex C.7 SPL.2 Product Release

#### SPL.2 BP1 Change Request and Rationale

Due to the software-centric orientation of Automotive SPICE, SPL.2 should be enhanced to reflect hardware and mechanical engineering as to representing other (combinations of) product deliveries.

#### Possible solution

'SPL.2 BP1: Define the functional content of releases. Establish a plan for releases that identifies the functionality to be included in each release. [OUTCOME 1, 3]

NOTE 1: The plan should point out *the configuration and the compatibility of mechanical, hardware, software elements, and* which application parameters influencing the identified functionality are effective for which release.'

# Annex C.8 WPC 13-21 Change Control Record

#### Change Request and Rationale

Extend WP characteristics to cover hardware.

#### Possible solution

- Used as a mechanism to control change to baselined products/products in official project release libraries
- Record of the change requested and made to a baselined product (work products, software, *hardware, mechanical elements,* customer documentation, etc.):
  - identification of system, documents impacted with change
  - identification of change requester
  - identification of party responsible for the change
  - identification of status of the change
- Linkage to associated customer requests, internal change requests, etc.
- Appropriate approvals
- Duplicate requests are identified and grouped

# Annex C.9 WPC 13-22 Traceability Record

#### Change Request and Rationale

Extend WP characteristics to cover hardware.

#### Possible solution

- All stakeholder requirements (customer and internal) are to be traced.
- Identifies a mapping of requirement to life cycle work products [HWE working group comment: this bullet point is redundant with the last one]
- Provides references the linkage of requirements to work product decomposition (i.e., requirement → design → code (for SW parts only) → test/verification → deliverables, etc.) by means of e.g. tool-supported links, naming conventions, hyperlinks.
- Provides forward and backwards mapping of requirements to associated work products throughout all phases of the life cycle.

NOTE: This may be included as a function of another defined work product (example: A CASE tool for design decomposition may have a mapping ability as part of its features).

## Annex C.10 WPC 17-08 Interface requirements specification

#### Change Request and Rationale

Extend WP characteristics to cover hardware.

#### Possible solution

- Defines relationships between two products, process or process tasks
- Defines criteria and format for what is common to both



- Defines critical timing dependencies or sequence ordering
- Description of the physical interfaces of each system component like:
  - bus interfaces (CAN, MOST, LIN, Flexray etc.)
  - transceiver (type, manufacturer, etc.)
  - analogue interfaces
  - digital interfaces (PWM, I/O)
  - additional interfaces (IEEE, ISO, Bluetooth, USB, etc.)
  - pin configuration
  - connectors, cables, mounting position & space, case/housing
  - optical interfaces
  - electromagnetic interfaces
  - thermal interfaces
- Identification of the software interfaces of software components and other software item in terms of:
  - inter-process communication mechanisms
  - bus communication mechanisms
- Identification of the hardware interfaces between hardware components in terms of:
  - electrical interconnections (e.g. voltage supply, SPI, I2C)
  - thermal interfaces

## Annex C.11 Further proposals

The following rationales are suggested to be considered as ideas for a future version of Automotive SPICE®:

- According to 'Rationale 1 No Production Process, define interface to production including special characteristics as described in 'Rationale 8 – Mentioning of Special Characteristics'.
- According to 'Rationale 3 Requirements Characteristics at CL1' and 'Rationale 4 No Extra Verification Criteria Base Practice', remove verification criteria BP and extend the specifications of requirements with state-of-the-art requirements quality criteria including verifiability.
- According to 'Rationale 5 No Usage of Terms Functional and Non-functional Requirement', do not use such a distinction.
- According to 'Rationale 9 Evaluate Instead of Verify' and 'Rationale 10 No BP on Evaluating Alternative Architectures', consider the need of the 'evaluation of architectural and design elements' instead of 'evaluating alternative architectures' in SYS.3, SWE.2 and SWE.3.

# Annex D Contact Persons

In alphabetical order:

| Contributing company                                               | Contact person                                                     |
|--------------------------------------------------------------------|--------------------------------------------------------------------|
| ART S.p.A                                                          | Mr. Attila Féhérvari                                               |
| Audi AG                                                            | Mr. Helmut Lochner                                                 |
| Brose Fahrzeugteile SE & Co. KG                                    | Dr. Pierre Metz                                                    |
| Continental Automotive GmbH                                        | Mr. Christopher Sievers                                            |
| Car.Software-Organisation (subsidiary within the Volkswagen Group) | Mr. Helmut Lochner                                                 |
| Dräxlmaier Group                                                   | Mr. Gerd Vogler                                                    |
| Exida Group                                                        | Mr. Carlo Donzella                                                 |
| intacs™                                                            | Dr. Pierre Metz                                                    |
| Infineon                                                           | Mr. Marc-André Klostermann                                         |
| ITK Engineering GmbH                                               | Mr. Claudio La Rocca                                               |
| Kugler Maag Cie GmbH                                               | Dr. Giuseppe Pepe, Mr. Kosmas Kopmeier, Mr.<br>Thomas Gabler       |
| Lorit Consultancy GmbH                                             | Mr. Alistair Walker                                                |
| Preh GmbH                                                          | Mr. Timo Budnik (formerly Mr. Uwe Ochsendorf)                      |
| Robert Bosch GmbH                                                  | Mr. Holger Goettel                                                 |
| Schaeffler Technologies AG & Co.                                   | formerly Mr. Andreas Trautmann (contact Mr.<br>Matthias Maihoefer) |
| Sharpen 360                                                        | Mr. Peter Petersen                                                 |
| SynSpace Group                                                     | Mrs. Claudia Balla (formerly Mr. Kosmas<br>Kopmeier)               |
| Valeo Siemens eAutomotive Germany GmbH                             | Mr. Andreas Trautmann                                              |
| WABCO GmbH & Co. KG                                                | Dr. Rajesh Ganji                                                   |
| ZF Friedrichshafen AG                                              | Mr. Klaus Weyermann (formerly Mrs. Sybille<br>Schmid)              |

# Annex E Change History

| Date | Version | Author        | Changes                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     |
|------|---------|---------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 2019 | 1.0     | intacs™<br>WG | First Release                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               |
| 2020 | 2.0     | intacs™<br>WG | <ul> <li>General, Terminology, formal</li> <li>Purpose statement added (Section 2.1)</li> <li>Figure 5 updated</li> <li>Added terms to list in chapter 1.7 regarding semiconductor development <ul> <li>IP (Intellectual Property)</li> <li>GDSII</li> <li>Hard-macro</li> <li>Soft-macro</li> <li>Tape-Out</li> <li>Pre-Silicon Verification</li> <li>Post-Silicon Verification</li> <li>Qualification</li> </ul> </li> <li>References to sections/clauses/chapters/etc. unified according syntax found in international standards e.g. ISO 26262, ISO330xx</li> <li>Editorial improvements throughout the document</li> <li>Added Section 3.6 "Addressing the Mixture of Requirements and Design"</li> <li>Corrections according to the review findings Independent ISO/IEC 33020 compliance review Mr. Petr Švimberský, Czech Republic, as of Dec. 15th 2020.</li> </ul> |
|      |         |               | <ul> <li>Changes to Rationales:</li> <li>Rationale 1: modified (no production process)</li> <li>Rationale 2: reference corrected to HWE.2.BP2 Note 8</li> <li>Rationale 5: enhanced (understanding of functional and non-functional requirements), and corrections made</li> <li>Rationale 12: "component" replaced by "element"</li> <li>Rationale 15 deleted</li> </ul> Changes to Work Product Characteristics: <ul> <li>"Specifies the interfaces of the hardware components" and "Specifies the dynamic behaviour" added to 04-HW01</li> <li>"Specifies the interfaces of the hardware components" changed in "Specifies the interfaces of the hardware components" changed in "Specifies the interfaces of the hardware components" changed in "Specifies the interfaces of the hardware parts" in 04-HW02</li></ul>                                                  |
|      |         |               | <ul> <li>Changes to HWE.1 HW Requirements:</li> <li>Purpose: stakeholder requirements added</li> <li>Minor corrections of the process purpose</li> <li>HWE.1.BP.1 stakeholder requirements and interfaces added</li> <li>Rationale 5 enhanced (understanding functional and non-functional requirements), explanatory Notes added to HWE.1.BP1 and BP.2 in this regard</li> <li>HWE.1 BP2 "classifying according to requirements types" was removed</li> <li>HWE.1.RL.1 removed</li> </ul>                                                                                                                                                                                                                                                                                                                                                                                  |
|      |         |               | <ul> <li>Changes to HWE.2 HW Design:</li> <li>Minor corrections of the process purpose</li> <li>HWE.2 BP2 Note 6: "RTL design" added</li> <li>HWE.2 BP3 and BP4: "components" changed into "elements". The same for Process Outcomes 3) and 4)</li> <li>HWE.2 BP8: Note 32 removed. "Component" replaced by "Element"</li> <li>former HWE.2.BP7 and HWE.2.BP10 merged into one BP (new HWE.2.BP9)</li> <li>Notes added to HWE.3.BP6 and BP7 and to HWE.2.BP7 and BP8 to reflect Semiconductor domain needs: <ul> <li>HWE.2, Process Outcome 2) "components" changed to "elements"</li> </ul> </li> </ul>                                                                                                                                                                                                                                                                    |



| <ul> <li>HWE.2.BP5: Allocate the hardware requirements to the hardware components &gt; "components" changed to "elements", and explanatory Note added</li> <li>Traceability to HW elements on architecture level (HWE.2.BP7 and BP8) instead of HW components.</li> </ul> |
|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Changes to HWE.3 Verification Against HW Design:                                                                                                                                                                                                                          |
| <ul> <li>Minor corrections of the process purpose</li> </ul>                                                                                                                                                                                                              |
| HWE.3.BP6 and BP7 and Process Outcomes: "components" replaced by<br>"elements"                                                                                                                                                                                            |
| Alignment of HWE.3.BP1 and HWE.4.BP1                                                                                                                                                                                                                                      |
| <ul> <li>Separate list entry e) on 'selection criteria' in HWE.3.BP1 and HWE.4.BP1</li> <li>Notes added to HWE.3.BP6 and BP7</li> </ul>                                                                                                                                   |
| <ul> <li>Notes added to HWE.3.BP1 regarding semiconductor development</li> </ul>                                                                                                                                                                                          |
| HWE.2.BP3,Note 12: "hardware components" changed to "hardware elements"                                                                                                                                                                                                   |
| Changes to HWE.4 Verification Against HW Requirements:                                                                                                                                                                                                                    |
| Minor corrections of the process purpose                                                                                                                                                                                                                                  |
| Alignment of HWE.3.BP1 and HWE.4.BP1. Separate list entry e) on 'selection criteria' in HWE.3.BP1 and HWE.4.BP1                                                                                                                                                           |
| <ul> <li>Contents of a verification strategy was not consistent with HWE.3.BP1. Added<br/>to HWE.4.BP1 g), h) and j)</li> </ul>                                                                                                                                           |
| Notes added to HWE.4.BP1 regarding semiconductor development                                                                                                                                                                                                              |