Bramble Hub Limited

Bramble Hub StoryShare - Connect

An online platform, communications outlet and app, intended to support transformational change programmes without using heavily transactional intranets.

Connect is an e magazine that revolutionises the way employees engage, collaborate and communicate whilst undertaking digital transformation.

The StoryShare brand is owned by 27partners.


  • Social - comments, likes, sharing, votes, etc.
  • People profiles - make communication and employee connections more accessible
  • Multimedia (video, text and document downloads) retains user's interest
  • Feedback – polling and Q&A
  • Offline usage - no user location restrictions with offline usage
  • Integration - intranet, SharePoint and Yammer
  • Works 'offline'


  • Stay updated at work, on the move or at home.
  • Works on any device - ‘Bring Your Own Device’ (BYOD)
  • User-friendly content management system drives user adoption
  • Ability to collaborate with one another for peer assisted development.
  • Ability to communicate business changes as they occur
  • Ability to provide instant feedback on operational changes
  • Access large amount of project content without cluttering your inbox


£1.60 per user per month

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 11


Bramble Hub Limited

Roland Cunningham

+44 (0) 2077350030

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to The service can provide video support for any intranet, internet site or learning management system
Cloud deployment model Public cloud
Service constraints None
System requirements N/a

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Acknowledgement times are within 30 minutes, support provision is 24/7 for system issues, 9/5 mon-fri for user support
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 AA or EN 301 549
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Tiered support contracts are available:

Level 1: Managing the resolution of service issues reported by the customer, where the customer performs the analysis.
Level 2: Assisting the customer with analysis of customer-side issues, and provide recommendations for fix.
Level 3: Assistance with the implementation of changes on the customer side to resolve issues.

Each level is priced according to the number of end-users covered. A technical account manager is also provided.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide any level of service required by the customer. This includes on-site assistance in uploading and customizing the interface, and migrating content from any existing service
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction At the end of the contact term we will extract the content and associated metadata and make it available to the customer via media such as DVD or portable HD
End-of-contract process As above, at the customer's request the content can be delivered on DVD or portable HD.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service There are no feature differences between the mobile and desktop versions. The service is responsive to different screen sizes across desktop, tablet and mobile
Accessibility standards None or don’t know
Description of accessibility Accesible via the desktop and all of the features including submission, editing and management of content and users and access to the analytics interface are available.
Accessibility testing None
What users can and can't do using the API Users can access any content management function through the API. This is including but not limited to uploading content, making content metadata changes, changing access control rules and embedding content in third party services.
API documentation Yes
API documentation formats HTML
API sandbox or test environment Yes
Customisation available Yes
Description of customisation The service allows for complete customisation through drag and drop templating and styling interfaces. Any page can be fully modified, either by the customer or via our professional services.


Independence of resources The service is scaled appropriately for the throughput of all users.


Service usage metrics Yes
Metrics types The service can report video playback information, including the duration of playback on a per-video basis. This information is available per-user or aggregated for the whole service.
Reporting types
  • API access
  • Real-time dashboards
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least every 6 months
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest Physical access control, complying with CSA CCM v3.0
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Users can export their data either by downloading it directly (for video files) or exporting the content metadata as XML. The service also provides for content export via the API.
Data export formats Other
Other data export formats XML
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Availability of the platform Is 99.99%. mozi has no required downtime periods for upgrades etc. In the event unusual maintenance does have to be performed that involves downtime then the customer is informed at least 48 hours in advance. Disaster recovery time is currently 24-48 hours depending on severity. Service credits are available in the event of a breach of SLA, and these vary according to the class of service purchased by the customer.
Approach to resilience This information is available on request
Outage reporting Email alerts are sent in the event of an outage

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password
Access restrictions in management interfaces and support channels The application supports role-based access controls, which can be managed in an external identity provider such as Google Apps or Active Directory. The user groups in these directories will be used to enforce levels of access, both to the administrative parts of the application (content upload and management) and in the front-end to enforce access control rules for all content items.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for Between 1 month and 6 months
How long system logs are stored for Between 6 months and 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach As a provider of hosted applications and data storage, 27partners takes the privacy and security of its customers’ data very seriously. 27partners has a formal, documented, comprehensive, and mandatory information security program comprised of a published and regularly updated security policy covering controls, standards and procedures. The program is monitored and enforced by executive management.
Information security policies and processes As a provider of hosted applications and data storage, 27partners takes the privacy and security of its customers’ data very seriously. 27partners has a formal, documented, comprehensive, and mandatory information security program comprised of a published and regularly updated security policy covering controls, standards and procedures. The program is monitored and enforced by executive management.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach The formal Change Control Process governs the application of feature enhancements, security-related fixes and service packs. The requestor, business owners, and/or project sponsor reviews and approve changes prior to introduction into the production environment. Approvals for release into production are based upon Quality Assurance (QA) certification reports.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Software developers are thoroughly evaluated on their application security knowledge during the hiring process and take application security training classes as required to keep abreast of new technologies or techniques when they are adopted in Kontiki products and services. Developers are provided with statistics on the most common vulnerabilities found in their applications along with recommended prevention and remediation measures. As vulnerabilities are discovered, they are reviewed with the developer and practices are adopted to prevent recurrence.
Protective monitoring type Supplier-defined controls
Protective monitoring approach The Operations Team uses a combination of industry standard and application specific monitoring of the application and its associated services to ensure system integrity and security. System access is captured using a number of methods including web and event logs. The application itself has a number of real time monitors and security logs that are used to automatically alert operations personnel of a problem. Operations also maintains an on-call rotation with senior engineering staff available 24 x 7 to address issues. All administrative data traffic is transported over a point-to-point private link or using SSH.
Incident management type Supplier-defined controls
Incident management approach Within four hours of the incident, 27partners will conduct an incident review to determine the nature of the incident and will take all appropriate actions to contain any breach.
The affected customer will be notified within 24 hours.
27partners maintains a formal incident management process that includes IT security breaches (viruses, hacking, etc.) which is current and reviewed annually.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £1.60 per user per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial The free version of the service is a fully functional but time limited trial

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑