What you need to know after you are SERMI certified

Both the company and the certified employee have responsibilities they must meet after obtaining SERMI certification. Here you can find these responsibilities, as well as for instance more information about the on-site inspection.* Want to know more? Contact us.

What is Digidentity?

Digidentity is the official Trust Center (TC) for SERMI and is responsible for issuing SERMI certificates to Kiwa. This allows us to issue certificates to Independent Operator employees (IOe) and Remote Service Supplier employees (RSSe). In addition, Digidentity provides the Wallet app (iOS/Android) that stores the SERMI certificate.

How do I use the SERMI certificate?

Have you applied for certification and all documents are in order? Then the company and employees will receive an email confirming that the application has been approved. Employees will receive an additional email from Digidentity with a QR code. Download the Digidentity Wallet app and scan the QR code. The app contains your SERMI certificate as proof.

The SERMI certificate is on your smartphone in the Digidentity Wallet app and can be accessed with a secure PIN. To access a vehicle manufacturer's repair and maintenance information portal (RMI portal), you must use the app to scan a QR code on the manufacturer's website and enter your PIN.

Watch these three videos from Digidentity for more information:

  1. The QR code and installation of the Digidentity Wallet app;
  2. Creating a chain connection between an Independent Operator (IO) and Remote Service Supplier (RSS);
  3. Accessing the Tesla portal with a SERMI certificate.
What obligations do I have after SERMI certification as a company (IO/RSS)?
  • Inform Kiwa of changes to:
    • Contact information;
    • Company locations where SERMI-related activities are performed;
    • Employment of employee with SERMI certification within 3 business days of termination of employment;
    • Company termination.
  • Record every security-related RMI act (register);
  • Reporting any violation or misuse by your authorized employees to relevant agencies if related to security related RMI;
  • Ensuring that authorized employees only use their personal SERMI certification;
  • Ensure that employees are trained for remedial work in automotive maintenance, reprogramming and security and safety functions;
  • Requesting an on-site inspection six months prior to the expiration of the certification period for revalidation;
  • Interim unannounced on-site inspection of all specified SERMI locations during your application.
What obligations do I have after SERMI certification as an employee (IOe/RSSe)?
  • Registering themselves with the vehicle manufacturer RMI system;
  • Accessing security related RMI in accordance with EN ISO 18541:2104;
  • Ensure that all downloaded security related RMI from the vehicle manufacturer is stored no longer than necessary for the operational output for which the information is required;
  • Informing the employer when the digital certificate is no longer required;
  • Not share the software token, digital certificate and PIN. The certificate is personalized;
  • Responsible for proper use of the personal token and PIN;
  • Inform the employer in case of loss or misuse within 24 hours;
  • Inform the relevant authorities if other employees are not exercising legitimate business in accordance with the SERMI scheme;
  • Check customer ID, vehicle identification and authority when working.
What should the recording (register) of security-related RMI actions comply with?

The manner in which the register should be conducted is free. The company is responsible for displaying information in a way that it can be audited. At a minimum, the register must contain the following information:

  1. Customer identification:
    • Name and first name or company name and contact person;
    • ID/passport/driving license number;
    • Address information;
    • Phone number;
  2. Identification of the vehicle;
  3. Proof of assignment by customer.
What items are checked during the on-site inspection?
    • Document check on business activities, company ownership and legal representative;
    • Document check on the VOG (RP) of application;
    • Verification of employee files working at relevant location including:
      • Valid and signed employment contract;
      • Meeting the educational or experience requirements in accordance with the schedule;
      • VOG which was used when applying for certification;
      • If an employee works at multiple locations, a file check of this employee will be performed at each location.
    • Document check of valid liability insurance as per scheme requirements;
    • Verification of legitimate business activities in the automotive and these should not conflict with the requirements of the SERMI scheme;
    • Verification of register to be conducted for all SERMI activities.

* The European Association is still compiling the requirements. It is possible that one or more of the here mentioned requirements may be updated.

Contact

Kiwa Nederland
CoC: 08090048