Redwood Technologies Ltd

storm® RECORDER™

storm® RECORDER™ provides a platform for converged recording of multi-channel of communications. Covering fixed line and mobile voice, SMS and on-screen interactions, RECORDER ensures there are no loopholes in compliance and quality control frameworks. The data produced can either be stored in the cloud or on a user’s own system.


  • Full contact recording functionality across all contact channels
  • Multichannel (text, voice and video) recording and screen capture
  • Powerful tools for converged management of recordings
  • Unlimited storage capacity available in the cloud
  • Open architecture enables layering-in of recording capability over existing systems
  • Real-time and historical reporting shows data collated across all channels
  • PCI-DSS Compliant call recording


  • Monitor quality in every aspect of contact centre activities
  • Record across all channels
  • RECORDER makes compliance easy
  • No need to replace existing systems
  • Access and manage recordings from different locations
  • Create truly consistent quality of service
  • Create truly consistent quality of service
  • PCI-DSS Compliant call recording
  • Find old recordings quickly by content search
  • Comply with call retention regulations across industry types


£33.75 per user per month

  • Free trial available

Service documents


G-Cloud 11

Service ID

5 4 3 0 3 1 0 9 3 2 9 6 5 5 0


Redwood Technologies Ltd

James Horsley

+44 (0) 1344852350

Service scope

Service scope
Software add-on or extension No
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints Storm support extends to the entire customer experience across all services, including hardware, connectivity and applications. If storm services are purchased through a partner, then front-line support may be provided by the partner and additional support provided by Content Guru. storm is multi-sited across resilient data centres, and all hardware is modular and resilient at every level, meaning that upgrades can take place with no disruption to service. Upgrade notifications are issued regardless.
System requirements Minimum operating system specification.

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Tickets are categorised according to their impact (P1-P4) as defined in standard service level agreement please see terms and conditions standard response times are as follows. P1 : within 15 minutes P2 : within 30 Minutes P3 : within 1 working day P4 : within 1 working day
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels Standard and bespoke support levels are available (for instance, 9-5 Mon-Fri, 7-7 Mon-Sun, 24/7/365).
Costs are agreed as part of the overall services package.
Technical support is provided by the dedicated, UK-based NOC.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started New users are provided with dedicated training by specialised platform experts. This can be delivered either face-to-face or online. Face-to-face training sessions are delivered either on customer premises or at the Redwood Technologies headquarters in Bracknell. Online training sessions are delivered via live instructor-led webinars.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction There are several different options available to customers for extracting data at the end of the contract. Most customers will regularly extract data using storm's inbuilt reporting management tool, VIEW (into formats such as CSV, XLS and PDF). However, all data can be manually extracted by storm's engineering team and delivered to the customer at the end of the contract, if this is required.
End-of-contract process This varies based on the contract. Services can be decommissioned as part of the agreement, and there may be additional costs involved in decommissioning or transferring to other systems subject to the pre-agreed exit provisions.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service None.
Service interface Yes
Description of service interface RECORDER records all channels (voice and text). Recent recording are displayed on separate pages for easy access. On a separate page, all recordings can be searched using multiple fields. Administrators can select an option in the Admin Portal to have all conversations recorded/not record any conversations/allow the user to turn call recording on and off. Users can click on an item in their call history to download the call recordings and supervisors use the RECORDER application to listen to call recordings and view text interactions.
Accessibility standards None or don’t know
Description of accessibility High contrast settings are available and users can change font sizes and color
Accessibility testing No official and documented testing as been conducted at this point in time.
What users can and can't do using the API Bespoke and off-the-shelf APIs are available, subject to agreed specification.
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Features and functionality can be fully customised, either by using the FLOW tool to amend service flows (by the user), or by bespoke development (by the supplier).


Independence of resources As Europe’s largest cloud-based Communications Integration platform, storm provides users with access to massive capacity. The platform can be scaled to accommodate services for any size of business. With sufficient capacity to accommodate in excess of 150,000 additional users, live storm services can be instantly scaled up when required without impacting service for other users.
storm provides user organisations with access to an effectively unlimited number of ports in the cloud, with the platform able to accommodate tens of thousands of simultaneous calls across TDM and VoIP, with a voice capacity in excess of 60 million minutes per day.


Service usage metrics Yes
Metrics types Fully flexible and customisable real-time and historical reporting across multiple channels, with real-time notification alerts on service performance, trend analysis and service levels.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Users can export all data via the VIEW reporting dashboard. VIEW has the facility for manual exports or for regular exports via FTP or email, and can be used to extract multiple different areas of data based on customisable criteria such as time periods.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability As set out in the standard Service Level Agreement.
Approach to resilience The storm platform is maintained across multiple secure data centre sites in every territory where it is deployed to provided optimum availability and resilience. To this end, it is of paramount importance that all data centre sites and the data stored therein is synchronized. All constituent data centres supporting the platform are connected by resilient 1GB links, which are continuously subject to monitoring. All data centres and servers are kept in active-active configuration, with the resilient connections between them enabling the ongoing synchronization of all services and data.
Outage reporting The Support Team provides email alerts.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication 2-factor authentication
Access restrictions in management interfaces and support channels Each organisation’s storm solution requires the purchase of one or two administrator licences. Administrators require these separate licences to access admin privileges. As with all users, these require RSA-secured login. Administrator seats are assigned to named users. Supervisors can be given restricted access to above-standard features, and this is fully-configurable by administrators.
Access restriction testing frequency At least once a year
Management access authentication 2-factor authentication

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 LLoyds Register Quality Assurance
ISO/IEC 27001 accreditation date 03/10/2018
What the ISO/IEC 27001 doesn’t cover Processes outside of those certified. Certificate states that the approved Information Security Management System is applicable to: the information security management system supporting cloud computing services through Content Guru and the design, development, installation and maintenance of telecommunication systems, including hardware and software for Value Added Network Services, soft switching and computer technology solutions in accordance with Statement of Applicability version 2.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification NCC Services Ltd (NCC Group)
PCI DSS accreditation date 30/01/2018
What the PCI DSS doesn’t cover All processes outside of those certified. Certification was for compliance with the Payment Card Industry Data Security Standard (PCI DSS) Version 3.2.
Other security certifications Yes
Any other security certifications Cyber Essentials Scheme (CES)

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards Cyber Essentials Scheme (CES) certification.+PCI-DSS Level 1.
Information security policies and processes Adheres to ISO 27001. All data centres are accredited to IL3 standard and certified to IL27001. The building is protected by physical security barriers and card access points, visitors are logged. User logins are RSA-authenticated, requiring PINs followed by an RSA SecurID that refreshes every 60 seconds. VPN access is restricted to the necessary employees. All successful or failed accesses to certain areas, such as audit trails or cardholder data, are logged. System logs are reviewed several times daily by engineers. Errors or exceptions are logged. Items are assigned owners according to expertise, and investigated. This file is reviewed by an Engineering Manager, ensuring all investigated items are progressed or closed. Access to the raw data is restricted to the Engineering Manager, ensuring a copy of the audit cannot have been tampered with. All servers within the CDE are time-synchronised to ensure consistency, and synchronised every 15 mins. A security manager, the point of contact for all security incidents, ensures all policies are adhered to. All employees are given security policy with compulsory security training. Heads of departments attend ISMS reviews. Security incidents are recorded in the Security Audit Report maintained by the Security Manager.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Requests for hardware and software changes are in the first instance submitted to the Change Control team to audit. The test platform ‘Ministorm’ has fixed managers who assess change requests. Application engineers ensure all changes conform to release notes. All work is undertaken on Ministorm primarily, and must be tested and signed-off by a senior engineer and the Change Control team. Affected clients are notified in advance. Any issues encountered are logged in the ECO database, using JIRA and GIT. Those that could affect security are flagged when the change request is first submitted and special documentation is needed.
Vulnerability management type Supplier-defined controls
Vulnerability management approach The vendor employs an approved third party scanning vendor to perform internal and external vulnerability scanning. Based on the information provided on a regular basis by the third party, the vendor's security team review and action the necessary patching. All patches are tested in the lab environment prior to live roll-out. Frequency of deployments are based on criticality of patches and schedule of planned work.
Protective monitoring type Supplier-defined controls
Protective monitoring approach The platform is monitored continuously day and night, on a 24/7 basis. The processes include interrogation of data logs and real-time alerts based on system performance. Potential compromises are actioned immediately by the support team, using established processes.
Incident management type Supplier-defined controls
Incident management approach The vendor has standard documented procedures for incident management. User reports incidents to the Engineering Services team as part of the standard ticketing procedure. Incident reports are issued as per the agreed SLAs.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks
  • NHS Network (N3)
  • Health and Social Care Network (HSCN)


Price £33.75 per user per month
Discount for educational organisations No
Free trial available Yes
Description of free trial Base trial version available subject to contract.

Service documents

Return to top ↑