Bank Website Hosting
InetSolution provides SSAE 16 audited compliant website hosting for banks.

Security Checklist for Website Hosting


This checklist consists of the most common questions that financial institutions ask us when performing due diligence to evaluate us as a critical website hosting partner. You may find this checklist useful as a starting point for evaluating hosting providers.

Response options for each item: Yes / No / N/A
1. Does the provider include a minimum bandwidth available for your site?
  a. Are support response times included?
  b. Does the provider perform monitoring (up time, response time, etc.) of the hosted site(s)?
    1. Are the monitoring reports available to you upon request?
2. Does the provider have any of the following third party security reviews performed on their systems?
  a. Due diligence overview report detailing internal processes and controls
  b. SSAE 18 audit report for the data center
  c. External vulnerability or penetration testing
  d. External penetration testing
  e. Website snapshot service to provide daily historical audit trail of website content
  f. Other types of testing
3. Does your hosting agreement include a right to perform vulnerability scanning of the external network?
4. Does the provider have 24/7 support available to you?
5. Does the provider offer an annual due diligence package that addresses security & control policies?
6. Does the provider have policies and procedures that adequately address:
  a. Incident reporting requirements and procedures
  b. Business continuity planning and disaster recovery
  c. Software and hardware patches/updates
  d. Controls over remote access and remote administration
  e. Logging, auditing and change control processes
7. Service Continuity
  a. Does the provider have at least two data center sites capable of hosting your website or applications? 
  b. Does the provider have redundant Internet access via more than one vendor?
  c. Does the provider offer any automatic failover capabilities to alternate hosting sites?
8. Physical Security
  a. Is all equipment behind locked doors with limited and controlled access?
  b. Is all provider equipment protected by an alternate power source (generator)?
  c. Are adequate environmental controls in place?
  d. Is fire suppression equipment adequate?
  e. Are there cameras, alarms, etc. in place to monitor physical access?
  f. Are backups routinely performed and then stored at an off-site location?
9. Logical Access Controls
  a. Does the provider offer perimeter firewall protection options for your website?
  b. Does the provider offer intrusion prevention system services for your website?
  c. Does the provider offer file modification alerting services to notify you when website files are changed?
  d. Does the provider offer anti-virus scanning services for your website?
  e. Are password change and complexity requirements used?
