Brainstorm Mobile Solutions Limited

Engage Hub Cloud Solution

Engage Hub is a real-time journey orchestration and cross-channel communications platform delivering improved CX and operational efficiencies. Engage Hubs dedicated Agile team offers rapid journey automation and hands-on journey mapping for enterprise companies. Use cases include digital process automation, call centre optimisation, and multichannel communications.


  • Real-time interaction management
  • Cross-channel Chat bots
  • Customer Journey Tracker
  • Cross-Channel marketing automation
  • Consent and contact management
  • Process and payment Automation
  • Call centre avoidance
  • Data and Journey orchestration
  • Natural Language Processor (NLP)
  • CRM


  • Improved C-Sat, NPS and Customer Experience scores
  • Enhanced Operational Efficiencies
  • Reduced call costs
  • Recuded Call wait times
  • Reduced call duration
  • Improved resolution times
  • Improved ROI on digital transformation
  • Campaign opimisation
  • Real-time journey optimisation
  • Automated 24/7 payment process


£750 a licence a month

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

3 3 7 4 3 3 5 7 6 3 0 3 4 6 4


Brainstorm Mobile Solutions Limited Mark Harris
Telephone: 07305312388

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Extension to CRM and other existing legacy platforms, call centre infrastructure, customer experience and satisfaction platforms
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints
System requirements
  • The UI is web based, refer to supported web browsers
  • APIs require integration using JSON-RPC or XML-RPC

User support

Email or online ticketing support
Email or online ticketing
Support response times
We use an online issue management and ticketing tool called Case Manager which is our Proprietary ticketing system and knowledge repository, accessible by secure login on an individual basis.
Case Manager is intended for setting up and controlling the ultimate spectrum of customer support processes, including responding to, investigating and resolving issues, as well as sharing essential information and documents with customers in a quick and efficient way.

Our working business hours are 9am - 5.30pm Monday - Friday. Tickets raised at any time weekdays or weekends are managed depending on our SLA.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
We appoint clients with a Relationship Manager who will be responsible for the day to day management of the account and services/solutions provided. This person will then work internally with the relevant teams required to fully support the account.

As part of the standard reviews there will be a documented service review which will be shared on regular basis which has details such as:
- reports against SLA KPIs
- usage statistics
- any cases opened, and current status
- service desk statistics
- any customer feedback
- maintenance schedule
- any change requests and status
- capacity reports

The client will have access:
- Professional Services - Project Managers, Solution Architects, Client Consultants, Bureau team
- Technical Support - In hours and Out of Hours support, Testers, Developers
- Relevant Finance and billing contacts.

For service support the client will have access to Case Manager which is the online ticketing tool, used to manage all requests.

Incidents/Faults are managed by the technical support team

Change and Project Requests are managed by the project team

Support hours are Monday - Friday 9am - 5.30pm

The support costs are built into the overall pricing depending on the level of support required.
Support available to third parties

Onboarding and offboarding

Getting started
We offer onsite and online training as well as user guides online also. We have a professional services team who work closely to manage our customer queries during business hours.
Service documentation
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
End-of-contract data extraction
For consumer data
Depending on the data and due to GDPR restrictions users can download a limited amount of data from the GUI, or if all data is required a copy of the database can be provided in a secure manner.

For non consumer data or non personally identifier data this can be extracted from the GUI
End-of-contract process
At the end of the contract the supplier will provide reasonable support of migration to another system, and include a certain amount of support to extract any required data. The exact amount to be agreed by both parties at contract stage and an exit plan can be formulated and agreed upon.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Designed for use on mobile devices
Service interface
Description of service interface
Web based user interface accessible from a web browser.

APIs allow data exchange programmatically.
Accessibility standards
None or don’t know
Description of accessibility
The platform is web based and accessible from a web browser.

APIs are also available which allow various remote applications to exchange customer and message data, as well as to send, receive or redirect messages.

If users aren't able to access the platform Engage Hub are able to manage services for customers.
Accessibility testing
The user interface hasn't been tested with assistive technology.
What users can and can't do using the API
The following APIs are available: Customer Care API (Query customer messages sent or received), Customer Management API (Manages customers), Event Management API (Manages customer entity data), Gateway APIs (Allows an application to send SMS and MMS messages), Location Provider API (Provisions location services), Login API (Queries system login information), Service Management API (Service creation and management, create a Send and Geolocation service only), Reports API (Request a report of all messages during a given month), Synapse API (Processes customer lists via synapse)

These APIs are based on the HTTP protocol, for security they use HTTPS (encrypted HTTP) when operating over the public internet.

The APIs use the JSON-RPC (preferred) or XML-RPC protocols. Developers can choose which protocol they prefer.
API documentation
API documentation formats
  • HTML
  • PDF
API sandbox or test environment
Customisation available
Description of customisation
We work to a roadmap where our feature set can be enhanced and new features can be built. Customers requests can form part of our roadmap at an extra cost.

Our online platform can also be white-labeled at an extra cost.


Independence of resources
Our hosted solution provides a high level of redundancy, resilience and performance.

The servers used are modern Dell servers which use fast processors with multiple cores ensuring multiple users can access resources at the same time.

The system is protected by redundant firewalls with automatic failover. Two web servers provide access to the UI and other services, load balancing provides redundancy.

Multiple application servers and load balancing provide redundancy for the core messaging and service functionality.


Service usage metrics
Metrics types
Message delivery reports and voice call information.

Bespoke reports are available but may incur an additional fee.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
CSV file from the web based user interface or via SFTP.
Data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
We have a very flexible SLA that we provide which is based on the customer requirements and solutions, and will be agreed upon by both parties at the point of contract.
We offer service credits for failed resolution times as per the SLA.
Approach to resilience
Our hosted solution is designed with resilience in mind.

The system is protected by redundant firewalls with automatic failover. Two web servers provide access to the UI and other services, load balancing provides redundancy.

Multiple application servers and load balancing provide redundancy for the core messaging and service functionality.

Database redundancy is provided by two Database servers.

The solution is hosted in a colocation facility which has all the benefits of a high-end colocation facility - for example extensive climate control systems to keep an optimal temperature for hardware, redundant internet connectivity and backup generators to cope with power grid failures.

More details are available on request.
Outage reporting
The software is self-monitoring via a proprietary architecture composed of a hierarchy of monitoring processes, and generates email alerts whenever a problem is detected, which includes both when the software itself detects and error condition (eg, a remote SMS gateway is not responding, or an assertion fails), or in the exceptional cases when one of the processes crash or stop responding. Moreover, in the rare event that one of the processes crashes due to a bug, the system pro-actively responds by restarting the process.

An external monitoring system monitors the health of the system, the availability of all the services and the response times.

Alerts are sent to our in house support team who are available 24/7 to deal with any problems.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
By default accounts are created with restricted access permissions.

All users of Administrative/Special access accounts must have account management instructions, documentation, and authorization.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Who accredited the PCI DSS certification
Security Metrics
PCI DSS accreditation date
What the PCI DSS doesn’t cover
For solutions requiring payments our PCI compliant system must be used.

Please contact us for further information.
Other security certifications
Any other security certifications
Cyber Essentials Plus

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
Security governance is aligned to ISO 27001.

We are in the process of gaining certification.
Information security policies and processes
Security governance is aligned to ISO 27001. We are in the process of gaining certification.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
System components such as operating systems, web, application and database servers are secured with industry best standards i.e. Center for Internet Security (CIS), Open Web Application Security Project (OWASP) & associated vendor security standards.

All changes undergo risk assessment and impact analysis. The risk assessment includes potential impact on system security.

Each change is given final approval by the CTO or by a senior technical team member nominated by the CTO.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Information about potential threats are taken from the US-CERT National Cyber Security Awareness System.

Vulnerability severity is categorised according to the scoring provided by US-CERT. A high CVSS is processed ASAP and no later than 30 days from patch release. A medium CVSS is processed in few weeks - up to three months (depending upon the impact on the system). A low CVSS is processed in months.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Intrusion detection and prevention and anti-virus tools are used on the system to detect and notify of malicious activity.

DDoS protection is also used to monitor the network against malicious packets.

The IT team monitor intrusion alerts 24/7 and are able to respond as soon as suspicious activity is noticed.

Along with automated monitoring regular system audits are also carried out.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Incidents are investigated and managed according to our Security Management Policy.

Affected customers and/or partners are notified about the incident by email, telephone call or by Case Manager our ticketing system.

Once an incident is resolved a root cause analysis is provided.

Users can report incidents to our 24/7 support desk but email, telephone call or Case Manager.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks


£750 a licence a month
Discount for educational organisations
Free trial available
Description of free trial
Time based Proof of Concept for 1 channel (x transactional costs)

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.