To maintain their certification, QIR companies are held accountable for the impact they have on the security of the cardholder data environment as they work to uphold the Payment Card Industry Security Standards Council (“PCI SSC”) Code of Professional Responsibility. Over the course of the last year, RDS has made major investments related to meeting the new QIR qualification and implementation requirements. Trained by the PCI SSC, RDS employees perform Qualified Installations every day in accordance with the QIR Program.

The diagram above shows the Qualified Installation process and parties involved. (diagram credit PCI-SSC)

The PA-DSS Implementation Guide is prepared by the software application vendor, such as NCR, and passed to the QIR Company (RDS). The QIR qualified employee uses this vendor-provided PA-DSS Implementation Guide, QIR Implementation Statement Instructions, and their knowledge of the PCI DSS, when implementing the payment application software into the merchant’s environment.

Throughout each stage of the implementation, the QIR employee documents details related to the install and PCI DSS on an Implementation Statement. This document provides a record of their work with a checklist of implementation/functionality items for the QIR employee to test and sign off. Within 10 business days of the installation, the QIR installer reviews the completed Implementation Statement for Quality Assurance. Once the document is signed off, the customer receives a copy for their records. To ensure continuing process improvements, the customer is invited to share their experience through a survey located on the PCI SSC website. The QIR Feedback Form serves as a tool for the PCI SSC to validate the performance of the QIR Company, in accordance with the QIR Program Requirements, through the customer’s experience.

RDS appreciates our customers’ feedback and can help guide and assist you as needed on your PCI Compliance journey. If you have any questions about our QIR Program, please email: compliance@rdspos.com.