SingleHop

Company Lifetime. How long has the company existed?



   • As a legal entity SingleHop began in 2006. As an operation SingleHop has been in continuous existence since 2003, having its origins as the network and cluster division of midPhase services.


Partners. How is the service offered and what partners are involved?



   • All of our dedicated and complex hosting solutions are installed, maintained, and supported by staff employed, trained, and consistently reviewed by SingleHop.

   • All work is performed on equipment owned and maintained by SingleHop. The datacenters are managed by independent contractors, but they do not have any access, control, or say over our daily operations.

   • No outside consultants, contractors, or partners are involved in the ongoing operations, unless specifically requested by customers requiring a custom solution.


Services. What services are offered?



   • SingleHop focuses on offering leased, dedicated, and complex hosting solutions. Our high-performance servers and powerful network capacity provide the backbone for innumerable dedicated hosting solutions for over 2000 customers in over 100 countries.

   • Complex hosting. We offer the research, design, and implementation of complex multi-server configurations in cluster, load balancing, high-availability, and other types of setups for large and application-intensive needs, such as SaaS, and sites with significant levels of traffic or processing needs.


What qualifications does the provider have with respect to Service Management and IT Security (ISO 20000 (ITIL), ISO 27001)?



   • SingleHop management is currently reviewing the receipt of both of these certifications, but does not currently hold them.


Does the provider have an information security framework for providing services?



   • SingleHop maintains data centers with high levels of physical and data security through detailed lists of authorized personnel, entrance logging, restricted access protocols, proxy-card and biometric security measures, and video recording of all activity on premises, enforced at all times.


What framework does the provider use for IT Security? Examples are ISO 17799 or the ISF Standard of Good Practice.



   • All databases, client information systems, customer relationship management systems and other systems used to store customer information are secured using RSA SecurID technology, which is a form of two-factor authentication. Each authorized user is issued an access token that displays a time-locked security code that changes every 60 seconds. This token code is used in combination with a security phrase that is unique to each employee, selected by the employee, and never known to any other SingleHop staff. RSA technology enables us to remotely restrict access for any employee and view detailed IN/OUT logs for each employee.


Does the provider have a SAS 70 type II certificate on the services it provides?



   • Yes, we can provide current certification for both of our datacenter locations upon request.


What measures have been taken for protecting the infrastructure and the service?



   • Physical Security. All hardware, including firewalls, routers, and other key networking equipment in our data centers, is physically secured inside the data center. The hardware is stored in rows of individual cabinets, with each cabinet itself secured by a key-lock combination code. Access to computer rooms is restricted by RFID proxy-card and/or biometric security measures. All visitors are escorted at all times and are unable to access any area without escort. Video surveillance provides an additional record for each visit.

   • Access. For an employee to enter a data center, they must have been provided with the correct credentials, such as their previously provided RFID card, biometric readings, PIN codes or passwords. All of these measures are checked and then access is granted. Each instance of entry and exit is logged in the security access database at each facility.

   • Barcode and RFID. Furthermore, for security purposes all hardware in our data center is marked only by barcode. There are no external markings identifying the company or client that is hosted on the server.

   • No hardware may be removed from any SingleHop data center without prior authorization from SingleHop Data Center Operations and management.


Does the provider have a structured and agreed Information Security Policy? Is it possible to see and read this Information Security Policy?



   • Yes, this security policy is available upon request.


How is the security of external parties (customers, suppliers, etc.) managed?



   • Any third party that visits our facilities must be accompanied by a SingleHop employee at all times. Other third parties that visit the facilities and are not involved with SingleHop are screened, monitored, and reviewed by the security teams at both of our datacenters.


What backup solution and policy does the provider support?



   • We offer backup solutions that include backups to shared storage systems; a SAN is also available.


What controls are in place to prevent the introduction or propagation of malicious code (e.g. worms, viruses)?



   • Our internal code, software, and systems are consistently monitored for data-based security threats.

   • We also offer enterprise-grade security monitoring for clients' data, but cannot guarantee its protection unless we are able to freely access their systems, which means that they must be fully managed.


What is the availability of support staff? Is support provided 24/7?



   • SingleHop provides support 24/7/365 for all clients.

   • If Management services are purchased, the company offers 2 hours of non-troubleshooting assistance per server, per month.

   • Both datacenters are continually staffed 24/7/365 to assist with any hardware or software issues that may arise.


Has the infrastructure been hardened according to industry best practices? For example, using the NSA checklist or using tools from the Centre for Internet Security?



   • We provide services to many clients who demand PCI compliance, and are continually reviewing potential vulnerabilities according to industry best practices. We do not specifically follow any one particular standard, as we generally adapt to our clients' varied and specific needs.

   • While our internal infrastructure is hardened against multiple


How are potential technical vulnerabilities obtained, evaluated and responded to?



   • We have an active internal process for reporting, fixing, and monitoring potential vulnerabilities. All technical employees are allowed to post potential issues, and dedicated developers continually work on addressing the issues or creating new systems that stay ahead of the threats.


What possibilities exist for encrypted data storage, including database storage?



   • The sky is the limit. Much of our business rests on our customers' ability to highly modify their solutions. Thus many clients have highly complex and secure solutions that our technical support staff does not even have access to.


What possibilities are supported for secure connections, such as VPN etc.?



   • We own SSL-VPN equipment and provide enterprise-grade SSL-VPN connections through specific hardware focused on this capability.

   • The SSL-VPN connects to our internal 1 Gbps private network, which allows multi-server configurations to interact securely and quickly.


Does the provider have business continuity plans? If so, how are they maintained and how often are they tested?



   • We do have business continuity plans focused on keeping our datacenters running. Both of our datacenters have N+1 or better redundancy in all core systems.

   • Backups of all internal data are done several times a day, every day.


What experience does the provider have with regards to Data Protection and Privacy regulations?



   • SingleHop uses industry standard SSL-based 128-bit encryption for all data communications between our front-end systems and our back-end systems for additional security.

   • As a data bank of sorts, SingleHop takes issues of privacy extremely seriously. Each account is assigned authorized users who must verify security information before any changes are made to the account.

   • We provide dedicated and complex hosting solutions customized to our clients' every need. Our customers have all the freedom to implement the security procedures and equipment that best fit their needs. While we have highly strict measures of internal data security, such as the RSA SecurID technology, there is no limit to the security customizations that clients may desire.


Is it possible for our representatives to access the premises and audit the security (including performing IT security vulnerability testing) and under which conditions?



   • Upon request, we welcome independent representatives to tour our facilities and review our physical and data security procedures.


What experience does the provider have related to Sarbanes-Oxley and other regulatory schemes such as Basel-II?



   • SingleHop's finance department is staffed with individuals with prior experience with these regulatory procedures.

   • As a privately held corporation, SingleHop itself does not have experience in these regulatory areas.