Redwood Technologies Ltd

storm® SHOUT™

storm® SHOUT™ is a mass multimedia alerts system which enables business to provision and distribute messages instantaneously. SHOUT delivers messages via SMS, voice, email, instant messaging or any other form of communication depending on what will best suit the situation and recipient, delivering effective, immediate mass communication.


  • Multi-channel instant messaging on a mass scale
  • Rapid provisioning of messages from a simple-to-use portal
  • Contact groups defined in advance or created on the spot
  • Integration with CRM and other databases automates information flow
  • Real-time reporting for tracking effectiveness and monitoring response
  • AI based personalisation of messaging


  • Public sector organisations can rapidly distribute information during civil emergencies
  • Supermarkets can remove dangerous products off the shelves within minutes
  • Send personalised updates about service disruptions to thousands of customers
  • Replace manual processes for disseminating information
  • Increase internal efficiency
  • Time promotions to the minute, e.g. one hour lunch-break deals
  • Deliver rapid speed-to-market
  • Communicate over a wide range channels
  • Mass notification of citizens and customers


£281.25 per licence per month

  • Free trial available

Service documents


G-Cloud 11

Service ID

2 9 1 7 6 3 4 1 2 1 6 8 0 3 4


Redwood Technologies Ltd

James Horsley

+44 (0) 1344852350

Service scope

Software add-on or extension
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints
Storm support extends to the entire customer experience across all services, including hardware, connectivity and applications. If storm services are purchased through a partner, then front-line support may be provided by the partner and additional support provided by Content Guru. storm is multi-sited across resilient data centres, and all hardware is modular and resilient at every level, meaning that upgrades can take place with no disruption to service. Upgrade notifications are issued regardless.
System requirements
Minimum operating system specification.

User support

Email or online ticketing support
Email or online ticketing
Support response times
Tickets are categorised according to their impact (P1-P4) as defined in standard service level agreement please see terms and conditions standard response times are as follows. P1 : within 15 minutes P2 : within 30 Minutes P3 : within 1 working day P4 : within 1 working day
User can manage status and priority of support tickets
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Yes, at extra cost
Support levels
Standard and bespoke support levels are available (for instance, 9-5 Mon-Fri, 7-7 Mon-Sun, 24/7/365).
Costs are agreed as part of the overall services package.
Technical support is provided by the dedicated, UK-based NOC.
Support available to third parties

Onboarding and offboarding

Getting started
New users are provided with dedicated training by specialised platform experts. This can be delivered either face-to-face or online. Face-to-face training sessions are delivered either on customer premises or at the Redwood Technologies headquarters in Bracknell. Online training sessions are delivered via live instructor-led webinars.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
There are several different options available to customers for extracting data at the end of the contract. Most customers will regularly extract data using storm's inbuilt reporting management tool, VIEW (into formats such as CSV, XLS and PDF). However, all data can be manually extracted by storm's engineering team and delivered to the customer at the end of the contract, if this is required.
End-of-contract process
This varies based on the contract. Services can be decommissioned as part of the agreement, and there may be additional costs involved in decommissioning or transferring to other systems subject to the pre-agreed exit provisions.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Service interface
Description of service interface
Contacts across multiple channels can be configured. A point and click graphic user interface is used by administrators. alternatively CSV files details contacts can be upload for mass communication broadcasts
Accessibility standards
None or don’t know
Description of accessibility
High contrast settings are available and users can change font sizes and color
Accessibility testing
No official and documented testing as been conducted at this point in time.
What users can and can't do using the API
Bespoke and off-the-shelf APIs are available, subject to agreed specification.
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
Features and functionality can be fully customised, either by using the FLOW tool to amend service flows (by the user), or by bespoke development (by the supplier).


Independence of resources
As Europe’s largest cloud-based Communications Integration platform, storm provides users with access to massive capacity. The platform can be scaled to accommodate services for any size of business. With sufficient capacity to accommodate in excess of 150,000 additional users, live storm services can be instantly scaled up when required without impacting service for other users.
storm provides user organisations with access to an effectively unlimited number of ports in the cloud, with the platform able to accommodate tens of thousands of simultaneous calls across TDM and VoIP, with a voice capacity in excess of 60 million minutes per day.


Service usage metrics
Metrics types
Fully flexible and customisable real-time and historical reporting across multiple channels, with real-time notification alerts on service performance, trend analysis and service levels.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Users can export all data via the VIEW reporting dashboard. VIEW has the facility for manual exports or for regular exports via FTP or email, and can be used to extract multiple different areas of data based on customisable criteria such as time periods.
Data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
As set out in the standard Service Level Agreement.
Approach to resilience
The storm platform is maintained across multiple secure data centre sites in every territory where it is deployed to provided optimum availability and resilience. To this end, it is of paramount importance that all data centre sites and the data stored therein is synchronized. All constituent data centres supporting the platform are connected by resilient 1GB links, which are continuously subject to monitoring. All data centres and servers are kept in active-active configuration, with the resilient connections between them enabling the ongoing synchronization of all services and data.
Outage reporting
The Support Team provides email alerts.

Identity and authentication

User authentication needed
User authentication
2-factor authentication
Access restrictions in management interfaces and support channels
Each organisation’s storm solution requires the purchase of one or two administrator licences. Administrators require these separate licences to access admin privileges. As with all users, these require RSA-secured login. Administrator seats are assigned to named users. Supervisors can be given restricted access to above-standard features, and this is fully-configurable by administrators.
Access restriction testing frequency
At least once a year
Management access authentication
2-factor authentication

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
LLoyds Register Quality Assurance
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
Processes outside of those certified. Certificate states that the approved Information Security Management System is applicable to: the information security management system supporting cloud computing services through Content Guru and the design, development, installation and maintenance of telecommunication systems, including hardware and software for Value Added Network Services, soft switching and computer technology solutions in accordance with Statement of Applicability version 2.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Who accredited the PCI DSS certification
NCC Services Ltd (NCC Group)
PCI DSS accreditation date
What the PCI DSS doesn’t cover
All processes outside of those certified. Certification was for compliance with the Payment Card Industry Data Security Standard (PCI DSS) Version 3.2.
Other security certifications
Any other security certifications
Cyber Essentials Scheme (CES)

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Cyber Essentials Scheme (CES) certification + PCI-DSS Level 1.
Information security policies and processes
Adheres to ISO 27001. All data centres are accredited to IL3 standard and certified to IL27001. The building is protected by physical security barriers and card access points, visitors are logged. User logins are RSA-authenticated, requiring PINs followed by an RSA SecurID that refreshes every 60 seconds. VPN access is restricted to the necessary employees. All successful or failed accesses to certain areas, such as audit trails or cardholder data, are logged. System logs are reviewed several times daily by engineers. Errors or exceptions are logged. Items are assigned owners according to expertise, and investigated. This file is reviewed by an Engineering Manager, ensuring all investigated items are progressed or closed. Access to the raw data is restricted to the Engineering Manager, ensuring a copy of the audit cannot have been tampered with. All servers within the CDE are time-synchronised to ensure consistency, and synchronised every 15 mins. A security manager, the point of contact for all security incidents, ensures all policies are adhered to. All employees are given security policy with compulsory security training. Heads of departments attend ISMS reviews. Security incidents are recorded in the Security Audit Report maintained by the Security Manager.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Requests for hardware and software changes are in the first instance submitted to the Change Control team to audit. The test platform ‘Ministorm’ has fixed managers who assess change requests. Application engineers ensure all changes conform to release notes. All work is undertaken on Ministorm primarily, and must be tested and signed-off by a senior engineer and the Change Control team. Affected clients are notified in advance. Any issues encountered are logged in the ECO database, using JIRA and GIT. Those that could affect security are flagged when the change request is first submitted and special documentation is needed.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
The vendor employs an approved third party scanning vendor to perform internal and external vulnerability scanning. Based on the information provided on a regular basis by the third party, the vendor's security team review and action the necessary patching. All patches are tested in the lab environment prior to live roll-out. Frequency of deployments are based on criticality of patches and schedule of planned work.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
The platform is monitored continuously day and night, on a 24/7 basis. The processes include interrogation of data logs and real-time alerts based on system performance. Potential compromises are actioned immediately by the support team, using established processes.
Incident management type
Supplier-defined controls
Incident management approach
The vendor has standard documented procedures for incident management. User reports incidents to the Engineering Services team as part of the standard ticketing procedure. Incident reports are issued as per the agreed SLAs.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
Connected networks
  • Public Services Network (PSN)
  • NHS Network (N3)
  • Health and Social Care Network (HSCN)


£281.25 per licence per month
Discount for educational organisations
Free trial available
Description of free trial
Base trial version available subject to contract.

Service documents

Return to top ↑