A new association has been established to control access to security-related repair and maintenance information (SERMI). Managed by vehicle manufacturers and repairers, the SERMI Association has been created primarily to combat vehicle theft by approving and monitoring who has access to what information. Although mandatory in certain European counties, it is voluntary in the UK – although that will change.
Here, Phil Peace, Managing Director, Repairify, explains more:
Can you provide a bit of background into the creation of SERMI – how and why it was set up?
SERMI is the scheme for accreditation, approval and authorisation to access security-related repair and maintenance information (RMI). The scheme ensures secure access to vehicle manufacturers’ data for independent operators, remote service suppliers (RSS), and their respective employees.
The Association has been created to further develop, own, operate and maintain the scheme and processes related to access to security-related repair and maintenance information for motor vehicles and to provide a process to approve and authorise independent operators (IOs) working in the European automotive aftermarket to enable them to access security-related RMI.
The SERMI Association is managed jointly by vehicle manufacturers and independent operators (repairers) as stakeholders who are primarily involved in the process of providing or obtaining access to security-related RMI.
What has it been established to achieve?
It has been introduced to ensure that vehicle repairers and individuals working on theft-related items within a vehicle have registered with a centralised body and have been checked against certain criteria that allows them to work on them. Ultimately it is designed to help reduce vehicle theft.
Does it have political/industry support?
The answer to that is yes. In Europe the use of the SERMI scheme is mandated by the Delegated Regulation (EU) N° 2021/1244 amending Regulation (EU) N° 2018/858. From a UK perspective it is not mandatory, however, it is being introduced on a voluntary basis and there is industry support from the NAB, which is the controlling body of UCAS, and from the RMI, which is one of the auditing bodies.
What is Repairify’s role within the SERMI Scheme?
As a business, Repairify does not have a specific role within SERMI. However, Repairify is classed as an RSS (Remote Service Supplier). This means that we, along with other Remote Service Suppliers, will need to conform to the SERMI process when working on security-related items.
What does CAB approval mean?
To put it in very simple terms, CAB means Conformity Assessment Body, and they establish, monitor and audit the independent operators to ensure conformity with the scheme to allow access to ‘security-related’ vehicle management information.
How has the development of modern vehicles emphasised the need for SERMI?
There have always been concerns relating to vehicle theft. This process is a way of helping to control who has access to information that could lead to or assist in the theft of a vehicle. Technology is constantly evolving so the introduction of SERMI is designed to try and provide visibility, behind a GDPR wall, as to who is requesting what information and who is undertaking the work. It allows the OE to lock down security information within tools and only be accessed by individuals authorised to do so under the scheme.
Is scheme mandatory or voluntary for OEs?
In Europe, the scheme is mandatory, so all OEs have to conform to it and with the process being standardised it means that the OE has had to adapt their systems to recognise the SERMI certification for an individual and means the tool is unlocked for use. However, in the UK the scheme is voluntary for an OE, so it is up to the OE if they want to join.
How is approval granted, and based on what?
The approval process will see the independent operator apply for approval via the CAB (Certifying Body) and it will be based on criteria laid out by SERMI.
Is it updated on a regular basis to ensure up-to-date information of who is registered?
To ensure all information on the system is up to date, it is the responsibility of the IO to ensure that their staff are registered, and any changes reflected on the system.
SERMI has already been implemented across many European countries, with more following in April.
Can you explain how SERMI is being or will be implemented in the UK?
On 1 April, SERMI had a significant release across many new markets in Europe and it is waiting to see the implications of this rollout before the next countries for launch are announced. From a UK perspective, it means that the launch of SERMI is likely to be 1 July at the earliest, however, like anything it could be subject to change.
When it comes to implementation in the UK, UCAS is in the process of approving the scheme. Once it has done this a couple of things will happen. The first is that manufactures will decide if they opt into the scheme in the UK (as it is voluntary). The second, assuming a manufacturer has opted into the scheme, will see an independent operator (repairer) need to be registered on the SERMI Scheme to enable them to obtain the credentials to access the OE tool for security and theft related information.
However, if the repairer is using an RSS, that business and its employees must also have credentials to be able to open the tool.