Académique Documents
Professionnel Documents
Culture Documents
This is the IT Security Checklist for HSH to collect the basic security information and the
technical requirements of any new applications for our internal assessments.
The new IT applications include, but is not limited to, the following models:
SaaS (Software as a Service)
Cloud-based solution
On-Premise Software (i.e. property-hosting)
Please input each item and supplement any additional information in the Remarks for our
reference. This checklist will be used as a supplement document with the contract/agreement
of your proposal.
(A) SaaS (Software as a Service) Feedba Remarks
ck
Y = Yes
N = No
NA = Not
Applicable
1. Please briefly describe the new application, product, solution and/or Y We offer fully managed
services in your proposal. hosting services. You will be
able to manage your hosting
account via the Client Area
and the cPanel.
2. Does your proposal offer a SaaS (Software as a Service) solution? NA
(B) Compliances and Certificates for Data Centre Hosting Services Feedba Remarks
(This section is not applicable if the proposal is the On-Premise software) ck
Y = Yes
N = No
NA = Not
Applicable
1 What is the name of the company who operates the Data Centre in which Y The DataCenter is operated
HSH data will be hosted? by Linode, but we manage
our own servers.
2 What is the location of the Data Centre in which HSH data will be Y You can choose your Data
hosted? Center location. In Asia the
locations are Singapore and
Tokyo.
3 Please provide the web address/URL for the Data Centre hosting Y Fastcomet.com/datacenters
services.
4 Has the Data Centre attained compliance or certification for any of the Y
following standards?
a. SSAE16 (Statement on Standards for Attestation Engagements No. N Currently the standard is not
16) supported
http://ssae16.com/SSAE16_overview.html
Please provide the supporting
- SOC1 / SOC2 / SOC3 Reports
Y = Yes
N = No
NA = Not
Applicable
1 Please describe the Backup process details in your proposal. Y The backup runs daily on all
our servers and it generates a
copy of your entire account
and all data on it. Depending
on the hosting plan you
choose, we will keep a
different amount of backups
for your account. You can
review that in details here:
https://www.fastcomet.com/c
ompare-shared-package
2 Does the Backup include Data Backup? Y The backups are designed to
store all data on your
account. This includes all
files, databases, email
accounts and messages,
sub/parked/addon domains,
etc. It is a full backup of all
data on your accounts on the
server.
3 Does the Backup include daily backup, weekly backup and monthly Y It depends on the plan you
backup? choose. The shared hosting
plans have different
retention, but they are
generated daily. You can see
the available backup copies
for each of our shared
hosting plans here:
https://www.fastcomet.com/c
ompare-shared-package
4 What is the number of days for the Backup Copy Retention Period? Y It depends on the shared
hosting plan you choose. The
SmartStart and ScaleRight
plans have a retention set to 7
and the SpeedUp plan has a
retention set to 30. You can
see that in details here:
https://www.fastcomet.com/c
ompare-shared-package
5 Does your proposal include Offsite Backup? Y Yes, all our backups are kept
on a remote location.
6 In case of the primary system failure which significantly impacts on Y We can restore the service as
business services/revenue, what is the contingency plan to recover the quickly as technically
system operation? (e.g. Failover to the Backup Site) possible. In case of a disaster,
Please provide the details. we set up a new hardware
node and initiate a full
restore of the latest available
backup of the client, in order
to restore full operation of
the clients website.
7 How long will your application be expected to resume the system Y It depends on the size of the
3 Could your application be restricted to only allow our users to access Y You can request that from the
from our offices? (i.e. users cannot access the new software at home. One Tech Support, you just need
of the reasons is to prevent data leakage out of our office) Please provide to provide us the IP address
the details how to achieve the restriction. of the office.
4 Do you have any anti-malware and firewall/Intrusion Prevention System Y We have An intelligent
to protect the applications and the data in your solution? protection of your cloud
hosting environment
preventing password brute
force, denial of
service(DDoS attacks) and
many other common attacks.
Our In-House Web
Application Firewall is
specifically optimized for
open source applications,
such as Joomla, WordPress,
Magento and etc.
5 Not applicable for On-Premise software Please confirm if there are any N
incidents of non-compliance with your internal data privacy policy
within the last 5 years. If yes, please provide details of the incident(s)
and the actions taken.
6 Please confirm if there are any data breach incidents within the last 5 N
years. If yes, please provide details of the incident(s) and the actions
taken.
7 If your solution includes wireless devices, do the devices provide secured NA We are hosting provider and
wireless encryption and protection for data transmission? we do not offer wireless
devices.
What wireless encryption is used? Example , WPA2, WPA and WEP
7 Can your application be configured to require passwords to be re-entered N At this point we do not offer
after idle time over 30 minutes? such kind of services. This
depends on the cPanel
Can the length of the idle time be configured by ourselves in your service and you can submit a
application? feature request, in case you
(E.g. 5 minutes, 15 minutes) wish to see that in a future
release. The official Feature
Request portal of cPanel is
available here:
https://features.cpanel.net/
8 Can your application be configured to ensure that new password cannot N At this point we do not offer
be the same as any of the last four used for that account? such kind of services. This
depends on the cPanel
service and you can submit a
feature request, in case you
wish to see that in a future
release. The official Feature
Request portal of cPanel is
available here:
https://features.cpanel.net/
9 Does your application have the Forget Password function? Y Yeah, we do offer Password
Reset option for the Client
area.
1 Can the application be configured with an option to force a password N At this point we do not offer
0 change for a user when the use login? such kind of services. This
(This will be used when the System Administrator helps a user to reset depends on the cPanel
his/her password) service and you can submit a
feature request, in case you
wish to see that in a future
release. The official Feature
Request portal of cPanel is
available here:
https://features.cpanel.net/
3 Is your application fully compatible with IE11 and Microsoft Edge? Y Yeah, the client area is
supported by IE11 and
Please list out the modules/functions in your application if there is any Microsoft Edge.
areas incompatible.
4 What other browsers and versions are fully compatible with your Y Our website is accessible
application? from all the browsers.
3 Does your application support Android mobile devices? Y Our website, Client area can
be accessed from any kind of
device
4 What Android versions with the default browser are supported? Y It is supported from the last
version of IOS.
Please list out the modules/functions in your application if there is any
areas incompatible.
Y = Yes
N = No
NA = Not
Applicable
1 Where is your helpdesk/support centre? Y We are based in San
Francisco.
2 What is the support service hours for your helpdesk support? Y We work 24/7.
E.g. 24x7x365, 9am-6pm Mon-Fri
3 In your proposal, what is the SLA response time for the support services? Y The Tech Supprt update the
tickets in up to 10 minutes.
4 Any escalation paths such as emergency mobile numbers will be Y We are 24/7 available and
provided to HSH for critical incidents. you can reach us at any time
via ticketing system, chat or
Is the escalation valid in the non-office hours? Phone
SIGN OFF
Vendor / Services Provider: Hotel / Operation:
FastComet hosting Services