Official Purpose Statement (ASPICE v3.1): "The purpose of the Quality Assurance Process is to provide independent assurance that work products and processes comply with predefined provisions and plans and that non-conformances are resolved."
The keyword in this purpose is independent. SUP.1 is the most frequently misunderstood process in supplier assessments because teams confuse quality assurance with quality control and the project team with the QA function. ASPICE requires that QA is performed by someone who does not have a line responsibility for delivering the product they are assuring. This is a structural requirement - not a soft guideline.
📋 Learning Objectives
- Explain ASPICE's independence requirement for QA and why project team self-certification fails it
- Describe what QA plans, audits, and reports must contain
- Operate a nonconformance tracking process from detection to escalation to closure
- Distinguish between QA (process/WP compliance checking) and review/testing (technical correctness)
SUP.1 Base Practices
| BP | Name | What It Requires | Evidence | Common Failure |
|---|---|---|---|---|
| BP1 | Develop QA strategy and plan | A Quality Assurance Plan (QAP) defines: which processes and work products will be audited, audit frequency and schedule, QA personnel (with independence justification), escalation path for unresolved nonconformances, references to quality standards and applicable guidelines. | Quality Assurance Plan document, referenced in the project plan | No QAP; QA activities are informal; "our project lead checks quality" - not independent |
| BP2 | Assure quality of work products | QA personnel inspect work products (SRS, SAD, test reports, review records) for compliance with defined templates, completeness criteria, and process requirements - not for technical correctness. QA checks: "Is the SRS using the mandatory template? Are all required sections present? Is there a review record with the required elements?" Result: compliance/nonconformance per WP. | WP audit records (per-document checklist completed by QA, with date and QA auditor name) | QA review = project team member reading the document for technical errors; no documented audit checklist; no independence; no nonconformance records |
| BP3 | Assure quality of process execution | QA audits how processes are being executed, not just their output. Example: QA observes a requirements review meeting and checks: Was the right team present? Was the correct WP version reviewed? Were all checklist items completed? Was the review record properly produced? Process audits are planned and results documented separately from WP audits. | Process audit records (per-audit: date, process audited, audit criteria, findings) | Only WP audits done; process execution audits never performed; QA limited to document review at project end rather than in-process checks |
| BP4 | Manage nonconformances | Every QA finding becomes a Nonconformance Report (NCR). NCRs are tracked in a system (may be the same defect tracker as SUP.9 with a distinct category). Each NCR: ID, finding description, affected WP/process, severity, assigned owner, agreed resolution, target date, closure evidence. QA does not close NCRs unilaterally - closure requires evidence that the finding was resolved. | Nonconformance tracking records; NCR closure evidence | Findings noted verbally in QA meetings; no formal NCR created; no tracking; "resolved" means the team said they fixed it - no evidence of resolution checked by QA |
| BP5 | Establish escalation mechanism | If nonconformances are not resolved within the agreed timeframe, or if the severity warrants it, an escalation path is defined: project lead → program manager → organizational quality function → (if unresolved) OEM notified per Supplier Quality Agreement. The escalation path is documented in the QAP. Evidence of use: at least one escalation event documented per assessment period. | QAP escalation section; escalation records (even if rare); evidence that escalation was used at least once | Escalation defined in QAP but never used - assessors will ask "show me an example of an escalated nonconformance." If zero instances exist, the escalation mechanism is theoretical. |