IATF and ASPICE level 2

rvanderbilt

Starting to get Involved
Hello,

The supplier I am working for is not design responsible. Recently I discovered that one section of our group is at a level two ASPICE certification. Does anyone know if this certification implies to an IATF auditor that we are design responsible?
 

John C. Abnet

Teacher, sensei, kennari
Leader
Super Moderator
Good day @rvanderbilt
When you state "the supplier..." you are working for, is it safe to assume that..
1- you are referring to the company/organization you are working for and that company is a supplier to the automotive industry? Or...
2- are you speaking of a "supplier" that is providing goods/services to your organization?

I will respond based on the premise that "1" is the situation. Please correct me if wrong.

"SPICE" is intended ...
"...perform conformant assessments of the software process capability in the development of automotive systems in accordance with the requirements of ISO/IEC 33002."

So, if your organization NOT design responsible, then why would it be assessed according to SPICE?

From what I am taking from your original post (I'm still a little unclear),...I would assume your organization IS design responsible specific to software development specific to automotive systems.

Hope this helps.
Be well.
 

rvanderbilt

Starting to get Involved
You are correct in assuming my company is the supplier. We offer a product that is manufactured in Japan and we support certain processes from our facility. We don't have design responsibility but we cover some of the support processes, such as project management on the US side on behalf of Japan. I just found out this week that we have been required to get level 2 certification from the customer. I don't have much ASPICE experience so I don't know what to make of all this. I don't know if I need to change the IATF scope to include design. It kind of seems that we have implied we are design responsible because of this cert.
 

John C. Abnet

Teacher, sensei, kennari
Leader
Super Moderator
You are correct in assuming my company is the supplier. We offer a product that is manufactured in Japan and we support certain processes from our facility. We don't have design responsibility but we cover some of the support processes, such as project management on the US side on behalf of Japan. I just found out this week that we have been required to get level 2 certification from the customer

Hmmm....This is new to many (including me) so objective answers may be difficult to come by. However, based on what I am understanding in regards to your organization, this also may be very new to your customer (i.e. the individual(s) asking you to be "level 2 certified" may not (do not appear to ) know quite what they are asking for).

I would certainly be VERY cautious regarding the scope of IATF 16949. For example, if your organization wishes to change to the product you provide...does YOUR organization (your location or Japan) change the drawing or does a request go to the customer and the CUSTOMER changes the drawing ?
If your organization was not design responsible prior to SPICE, then SPICE alone does not suddenly make your organization design responsible.


Please continue to post here with what you learn and any additional details. This dialogue will prove beneficial to many.

Be well.
 

rvanderbilt

Starting to get Involved
Morning,
Japan our manufacturing site changes the drawing. They are design responsible.

You say that having SPICE alone doesn't suddenly make us design responsible, is that because we are only level 2? I don't know much about ASPICE but both sites have there own ASPICE cert and our cert is only covering some supportive roles in the development process.
 

John C. Abnet

Teacher, sensei, kennari
Leader
Super Moderator
Morning,
Japan our manufacturing site changes the drawing. They are design responsible.

You say that having SPICE alone doesn't suddenly make us design responsible, is that because we are only level 2? I don't know much about ASPICE but both sites have there own ASPICE cert and our cert is only covering some supportive roles in the development process.

1- "Design responsible" is a determination in and of its own and has nothing to do with SPICE or any other assessment.

2- In regards to the IATF 16949 certification. Does your organization site hold its OWN iatf 16949 certification, or does it SHARE an Iatf 16949 certification with your japan site, as part of a Corporate Scheme ?
 

rvanderbilt

Starting to get Involved
Morning,
We have our own IATF certificate. It's good to know that design responsible is a determination apart from SPICE. I was afraid someone inadvertently signed us up for something. My anxiety was beginning to increase.

Thanks!
 

John C. Abnet

Teacher, sensei, kennari
Leader
Super Moderator
Yep...and your response further confirms that since you hold your own cert, your Japan location, not your site, is design responsible.

If you don't mind, continue to post about SPICE as you encounter assessments, etc... We are all still learning this topic.

Be well.
 

rvanderbilt

Starting to get Involved
Hello,
I was just reviewing this and I have another question. FCA has a customer specific requirement 8.3.2.3 which says anybody delivering software embedded electronic components must undergo an assessment of process capability. The capability they are referring to is the third party ASPICE audit done on a yearly basis. My stress comes in at if we are not design responsible but yet now I am subject to some clauses under the design and development section of IATF what else will I need to be cautious of? Probably a better question is, If I am not design responsible what does that mean I am exempted from when it comes to IATF sub clauses?
 

John C. Abnet

Teacher, sensei, kennari
Leader
Super Moderator
Good day @rvanderbilt ;
Keep em' coming. "SPICE" is still a relatively new subject, and I'm sure there are quite a few watching these posts.

Bear in mind that regardless of IATF 16949 , organizations are subservient to applicable CSR (customer specific requirements).

As you know, the CSR specifically states...
... an assessment of software process
capability/maturity in accordance with CS.00187.


The FCA (Stellantis ;) CSR under 8.3.2.3 does not directly state SPICE as a requirement. However, you know best what it is the customer is asking for and I do not have access to referenced document CS.00187.
(Is it possible for you to share the gist of that document without violating any trade or copyright rules?)


8.3 is divided between "process" design (no "exemption") and "product" design ("exemption" if logic).
We are currently discussing "product design", which, based on what I understand from your description, your organization site is NOT product design responsible. However, this does not exclude requirements placed upon an organization by the customer.

It IS possible, however, that your customer is also new to SPICE and mis-applying the requirements. I would certainly hope that a strong relationship exists with the OEM (and/or will be developed), wherein a frank and open conversation can take place around this subject. It is indeed difficult for me to see how or why the OEM would want to apply any SPICE requirements to your site. Remember, the customer is NOT always correct;)

Hope this helps
Be well.
 
Top Bottom