ASPICE & Compliance

We missed our ASPICE capability level. Now what?

The assessment report is in, the findings list is long, the OEM wants a corrective action plan. Here is why the same gaps keep coming back — and what actually closes them.

Everyone in this industry knows the scene. The assessor leaves, the closing meeting ends politely, and then the report lands: CL1 where the customer contract says CL2. Findings against SYS.2 to SWE.1 traceability. Configuration management "partially achieved." Review records that exist for some work products and not for others. Nobody on the team is surprised — they knew the links in the Excel matrix were three refactorings out of date.

The standard response is also standard for a reason: it doesn't work. A task force gets formed. For eight weeks, senior engineers stop engineering and start producing evidence — backfilling trace links, reconstructing review protocols, writing work products that describe development that already happened. The re-assessment passes. Twelve months later, the links have decayed again, because nothing about how the work is done ever changed. Only what got documented afterwards.

The uncomfortable truth: Automotive SPICE is an assessment model, not a blueprint. It tells you what "managed" looks like; it does not tell you to recreate 1990s pen-and-paper artifacts by hand across ten disconnected tools. Most capability-level gaps are not process-understanding gaps. They are evidence-production gaps — the team does the engineering, but the traceability, baselines, and review records are produced manually, separately, and therefore late and inconsistently.

Which means the fix is not another awareness training. It is changing where the evidence comes from: out of the daily workflow, automatically, with an audit trail — so the next assessment finds work products that were true on the day they were created and are still true on the day they are assessed.

What actually fixes this

Three tool categories on this marketplace attack the capability-level gap directly. All listings are curated; we introduce you to the right one for your setup.

ASPICE & Compliance

Compliance as a byproduct, not a project

Tooling that generates assessment-ready ASPICE work products — traceability, review evidence, test specs — directly from the repository and CI/CD, instead of asking engineers to write them after the fact.

Listed here: AI Agents OS — 20 Claude Code recipes covering SWE.1–6 with bidirectional traceability.

Browse ASPICE & Compliance tools →
Requirements Engineering

Traceability that doesn't decay

The SYS.2 → SWE.1 findings almost always trace back (irony intended) to requirements living in a silo. Modern requirements platforms keep bidirectional links alive as requirements change — including in air-gapped, safety-critical environments.

Listed here: trace.space (enterprise, air-gapped deployable), MappingSpace (ASPICE-native V-model traceability).

Browse Requirements tools →
Process Intelligence

See the process gap before the assessor does

CL2 is about processes being planned and managed. Process intelligence platforms give leadership real visibility into how development actually flows — so the corrective action plan is based on data, not on the loudest opinion in the room.

Listed here: Bloomfilter — process mapping and analysis across planning and delivery.

Browse Process Intelligence tools →

On the marketplace, use the filter pills above the grid (ASPICE & Compliance, Requirements, Process Intelligence) to jump straight to these categories.

Frequently asked

What happens if we miss our target ASPICE capability level?

A missed level usually means findings against specific base practices — most often traceability, configuration management, or inconsistent work products. OEMs typically expect a corrective action plan and a re-assessment. The fix that lasts is changing how evidence is produced, not producing evidence retroactively before the next assessment.

Why do teams keep failing the same traceability findings?

Because traceability is maintained by hand across disconnected tools — requirements in one system, architecture in another, tests in a third, links in Excel. Manual links decay the moment requirements change. Tools that generate and check traceability continuously remove the decay instead of periodically repairing it.

Can AI tooling actually help with ASPICE compliance?

Yes — the newest category of ASPICE tooling generates assessment-ready work products as a byproduct of normal engineering work, with audit trails. It does not replace an assessor or your process ownership, but it removes most of the manual evidence production teams fail on.

What is the difference between CL1, CL2 and CL3?

CL1: the process achieves its purpose. CL2: it is also planned, managed, and its work products are controlled. CL3: a standard organizational process is defined and consistently deployed. Most OEM sourcing requirements target CL2; the CL1→CL2 gap is usually work-product management and traceability discipline.

Tell us your findings list. We'll match you with the right tool.

The New Automotive is a curated marketplace — we know these vendors and make warm introductions. No cost, no spam.

Request an Intro

More guides

Our engineers hate our systems engineering tools → Why coding agents fail in automotive (and how to feed them context) → China speed: why legacy automotive is too slow → The New Automotive marketplace — all tools →