Through virtualization numerous server instances can be developed and run from a single physical system. This has been considered as non compliant by many QSAs in the past. PCI v2.0 Section 2.2.1 permits the use of virtualization; but makes it clear to run only one function on a single virtual server like one machine will run database services, while another will be used for running web services. So it is important for the QSAs to know about virtualization specific controls, virtual network segmentation and the IT controls which come in use with the virtualization platforms.
Choosing a QSA Once you select a QSA, the relationship might develop into a long one. It is necessary for the organizations to look for a QSA that knows about the same technology that is needed to be audited. In order to hire a QSA, the companies must gather information about business requirements; develop a detailed interview about past experiences (of QSA) and must choose a time for onsite review and planning or meeting.