Which are the security policies: any serious company usually has them. It is very easy that any it promises security to you, but first you must verify which are the policies and procedures that the supplier owns. Average What own to prevent attacks? How they act in cases of infection of malware?
What there is under the chassis: all the companies give details on the characteristic of their plans, but aside from this also it is important to know other data, as for example the hardware of the servant where we will lodge, the operating system, main software, etc.
Installation and maintenance of sofware: the majority of the suppliers offers fast installers who allow to install things as WordPress, Drupal or Joomla with a few clicks. Be your will supplier the one in charge to maintain the facilities to the day or you will have to do it by your account? You must find out that not to take surprises soon to you.
What safety measures stay active: it seems a somewhat idiot question, but in fact many suppliers put little emphasis in the security. It owns the supplier average to monitor suspicious activities? Account with firewall active?
Safe transactions: nowadays any serious company would have to use certificates SSL in the important areas such as the enter to the mail, the Control Panel, our account of hosting, etc. The SFTP use also gives points extra, although the certain thing is that the traditional FTP continues being the standard in the industry.