Checklist: Choosing an ISP/hosting service
Publishing date: May 2002
This checklist, appended to section 1.12, is intended to assist you when choosing an Internet service provider (ISP) or supplier for your web hosting and Internet facilities. It is important that the supplier provides the answers in writing and that they are written into your service level agreement.
Questions
- Will they transfer your existing domain names and your content?
- How much is it going to cost?
- Are you getting virtual space or dedicated space?
- What type of server/operating system are you getting (Mac, UNIX, Linux)? Performance, eg, how fast? Do you want MS FrontPage extension support or to use an ASP database?
- What type of environment is the server in, eg, secure and resilient data centre - physically secure, dedicated power, cooling, etc? What time standards are maintained by the server, eg, NTP synchronised?
- How much server space are you being offered (eg 5 Gb)?
- Support - is it effective and helpful, on 7x24, on local call rates/email? How many work in the support centre at any given time? Do you have a named individual responsible for support? Are you providing a named individual for support contact? Have you a detailed server/OS maintenance procedure?
- What access speeds can you expect, is it a 64 kbs pipe?
Scalability:
- How quickly could the bandwidth be expanded to support an identified or anticipated rise in traffic?
- How quickly can they expand your server space and at what cost?
- Provision of a statement of redundancy and a disaster recovery plan, eg, if your site goes down, how quickly will your hosting service switch connection? Do they have multiple connections and/or site mirroring arrangements? What happens if their physical location is flooded?
- Security - provision of a security statement is essential. This must cover username/password protection and management policy; virus protection; and what standards they apply and how often they are updated. Do they conduct pentesting?
- Incident responses - including, who has the authority to decide action? Who will decide if police/investigation authority is to be called in? Who will answer press enquiries?
- How often will they back-up your site and what physical security is provided for the back up?
- How quickly can they register and/or renew a domain on your behalf?
- How quickly can they add a new and additional domain name?
- Are server log files/traffic analysis reports provided weekly/monthly? Are they made available server-side?
- Will they support scripting and do you have access to your CGI bin?
- Site update procedures, eg, FTP access - for controlled uploading/downloading? Do you have unlimited 24-hour authenticated (SSH/SSL) access?
- Do you want an FTP server to provide an anonymous FTP downloading facility?
- Will the FTP environment have the option of SSL or SSH connection?
- Do they provide any streaming facilities? If so please detail type and number.
- Do you have an option for an SSL/TLS (Secure Sockets) server connection?
- Do they provide email accounts and listserver facilities?
- Can databases be integrated into your facility?
- Do they provide facilities to host closed/open discussion groups? (refer to section 1.6)
- What are your integrity and availability requirements?
- Does the service supplier have, or is it working to achieve, ISO17799 compliance?
- How much is it going to cost? Have this broken down into details, including buying, leasing, licences etc.
Privacy
- Are you using cookies?
- Do the hosting arrangements fully comply with your published privacy statement?