PCI Security Standards Council®

Qualified Integrators and Resellers (QIR) Program

Introduction

The Qualified Integrators and Resellers (QIR) Program outlines guiding principles and procedures for the secure installation and maintenance of validated payment applications in a merchant environment, in a manner that supports their PCI DSS compliance efforts.

There is a two-step procedure for participation in the QIR Program. First, the interested organization must become a QIR Company; then, the individual employees of the organization must receive training on how to securely configure, install and maintain payment applications on behalf of their merchant clients. When these steps are successfully completed, acceptance into the QIR program will be confirmed and the company will be listed on the PCI SSC website. Re-qualification of employees is required every three years.

Requirements – at a glance

Company must be a direct provider of a PA-DSS validated application or an independent third-party licensed or authorized by the PA-DSS validated application vendor to resell or integrate the payment application, and must maintain at least one qualified employee in the program at all times, in order to be listed as a Qualified Integrator & Reseller company on the PCI website.
Employees must have work experience in payment applications, system hardening, or network security and demonstrated work experience related to payment industry. Candidates should have experience installing and configuring applications – preferably payment applications – equal to at least one year or three separate engagements.

The Process of Becoming an QIR

Step 1 - Review

QIR training candidates must be sponsored by their employer. If your company is already a QIR sponsor, please coordinate with your Primary Contact to submit a training request through the PCI portal. If your company is not already a QIR sponsor, please refer to the QIR Qualification Requirements for a complete program description and requirements, and to confirm that both you and your organization are well suited for the program.

Step 2 - Apply

Step 3 - Train

Upon receipt of payment, you will receive an email with credentials to access the eLearning course, followed by a separate email containing an authorization number and instructions on how to schedule your exam at a local Pearson VUE Testing Center. You will have a total of 90 days (from the day you receive the training link) to complete the course and exam.

Step 4 - Enrollment

Once the application has been approved by the PCI Security Standards Council, and its designated QIR employees have taken and passed the QIR training, the Company will be listed on the PCI SSC website. Requalification is required every three years to maintain listing on the website.