Storm ID

Microsoft Azure Cloud Hosting Consultancy & Implementation Services

Storm ID facilitates Microsoft Azure platform as a service encompassing:

Azure App Service - a fully managed cloud platform including DevOps, continuous integration with Visual Studio Online.

SQL Azure Database - a service providing web-facing database functionality as a utility service including rapid provisioning, scalability, high availability, and reduced management.


  • Expert consultancy to assess and capture hosting requitements
  • Managed hosting services design, commission and implementation
  • Service migration and set-up consultancy
  • Application development and integration service
  • Scalable, reliable, and secure global computing infrastructure
  • Disaster recovery


  • Rapid development and automating of business processes
  • Faster time to market
  • Increased scalability
  • Reduced cost of ownership
  • Reduced management overhead
  • Accelerates innovation
  • Agile development and Test Driven Development
  • Expert cloud service design and environment commissioning team
  • Fully managed environment
  • ISO 27001 Datacentres


£00.122 per instance per hour

Service documents

G-Cloud 11


Storm ID

Paul McGinness

0131 561 1250

Service scope

Service scope
Service constraints No service constraints.
System requirements All system requirements are supported

User support

User support
Email or online ticketing support Yes, at extra cost
Support response times Response times are categorised by service request priority: Urgent: 1 hour; High: 4 hours; Medium: 8 hours; Low: 16 hours.

Response times at weekends, public and bank holidays are negotiated separately.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Response times are categorised by service request priority: Urgent: 1 hour; High: 4 hours; Medium: 8 hours; Low: 16 hours.

P1 - Urgent: Complete loss of an entire service for all users or severe degradation resulting in inability to function;
P2 - High: Service functioning improperly resulting in some loss of service/system failure removing service from a number of users;
P3 - Medium: Service functioning at less than optimal performance/system problem impacting but not removing service, resolve minor bugs/site errors;
P4 - Low: Change requests.

Support services are tailored to each client and charges reflect the level of service required to support the service. Standard hourly rate is £105. A discounted rate of £95 can be had for bank of hours bought in advance.

Storm ID provide a Technical Account Manager backed up by a WebOps Team. Support can be accessed via an online ticketing system, email or phone. Enhanced support (outside office hours and at peak service use) is available optionally. Monitoring systems and alerts will be implemented with regular reports provided on service performance and support used.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Storm Web Operations team will provide the appropriate documentation and knowledge to allow training on use of the Azure management portal that is used as part of this service.
Service documentation No
End-of-contract data extraction Providers will retain the data of the user after termination of the contract. for a period of 30 days. During this period users will still be able to access the service and retrieve the data.
End-of-contract process After you cancel the subscription, your access to Azure services and resources will end.

Before you cancel your subscription:
- We will back up your data. For example, if you're storing data in Azure storage or SQL, download a copy. If you have a virtual machine, save an image of it locally.
- Shut down your services and stop any running virtual machines, applications, or other services.
- Work with you to migrating your data.

Using the service

Using the service
Web browser interface No
Command line interface No


Scaling available Yes
Scaling type Automatic
Independence of resources Virtualisation is used to ensure applications and users sharing the same infrastructure are kept apart.
Usage notifications Yes
Usage reporting
  • Email
  • SMS


Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
  • Other
Other metrics
  • Google Analytics
  • Bespoke Event Tracking
Reporting types Regular reports


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach A third-party destruction service

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • Automated Azure Web App Protection and Replication
  • Automated Azure SQL database Protection and Replication
Backup controls Backups are managed by the Storm ID Web Operations Team who will work with customers to define backup regimes.
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Supplier controls the whole backup schedule
Backup recovery Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability Azure App Service – We guarantee that Apps running in a customer subscription will be available 99.95% of the time SQL Azure Database – We guarantee at least 99.99% of the time customers will have connectivity between Microsoft Azure SQL Database and the Internet gateway.
Storm ID standard working hours / days are 09:00 to 17:30 Monday to Friday, excluding public & regional holidays. We perform the following target response and resolution times for support requests within supported hours.

We acknowledge that if the service levels fall below the quality we commit to then penalties will be incurred to compensate clients and drive service improvement. Penalties will typically involve an increasing scale of penalties resulting in an allocation free service credits to a client’s support account.
Approach to resilience Available on request.
Outage reporting Email alerts.

Identity and authentication

Identity and authentication
User authentication Limited access network (for example PSN)
Access restrictions in management interfaces and support channels Available on request
Access restriction testing frequency At least every 6 months
Management access authentication 2-factor authentication
Devices users manage the service through Dedicated device over multiple services or networks

Audit information for users

Audit information for users
Access to user activity audit information Users receive audit information on a regular basis
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Storm ID are working towards ISO/IEC 27001:2013 (ISO 27001) which is the international standard that describes best practice for an information security management system (ISMS).
Information security policies and processes It is the policy of Storm ID to ensure that Information will be protected from a loss of:

Confidentiality: so that information is accessible only to authorised individuals.
Integrity: safeguarding the accuracy and completeness of information and processing methods.
Availability: that authorised users have access to relevant information when required.

The Operations Director and their team review and make recommendations on the security policy, policy standards, directives, procedures, incident management and security awareness education.

Regulatory, legislative and contractual requirements are incorporated into the Information Security Policy, processes and procedures.
The requirements of the Information Security Policy, processes, and procedures are be incorporated into the Storm’s operational procedures and contractual arrangements.

Storm ID is working towards implementing the ISO27000 standards, the International Standards for Information Security.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Configuration and change management processes are handled by Assembla Helpdesk Tickets in the first instance, and accompanied by GIT commit documentation in code, prior to deployment.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Vulnerability management and patching is primarily handled by Microsoft Online Services as the service relies on Azure and in most cases is backed by Azure Active Directory. This is augmented by Kaspersky enterprise protection which scans registered internal and cloud based end points, alerting to out-of-date software and patch recommendations.

Vulnerability and threat information is gathered from multiple sources including security bulletin subscriptions and vendor specific knowledge base articles provided by Kaspersky. These notify us of new and emerging threats allowing us to deploy patches when available.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We use 3rd party 'always-on' site monitoring services to detect any potential issues with service. We use site/server logging features, enabled in the Azure service portal, to subsequently search for any malicious activity on the site. We respond within 1hr to urgent issues.
Incident management type Supplier-defined controls
Incident management approach Storm ID has a pre-defined process for managing common incident events. All suspected security events are reported to the Operations Director by email, telephone or in person. The Operations Director will log the incident and notify the service owner and Storm ID Support Team. The Operations Director will provide incident reports in line with incident communication strategy.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart No

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes
Description of energy efficient datacentres Microsoft has signed up as a participant and an endorser of the EU code of conduct for datacenter efficiency.

Microsoft’s Azure cloud has been carbon-neutral since 2012. Half of the energy it uses already comes from 1.2 gigawatts of wind, solar, and hydro-electric sources, which the company expects to make 60 percent by 2020 and 100 percent in the future.


Price £00.122 per instance per hour
Discount for educational organisations No
Free trial available No

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Terms and conditions
Service documents
Return to top ↑