Storm ID facilitates Microsoft Azure platform as a service encompassing:
Azure App Service - a fully managed cloud platform including DevOps, continuous integration with Visual Studio Online.
SQL Azure Database - a service providing web-facing database functionality as a utility service including rapid provisioning, scalability, high availability, and reduced management.
- Expert consultancy to assess and capture hosting requitements
- Managed hosting services design, commission and implementation
- Service migration and set-up consultancy
- Application development and integration service
- Scalable, reliable, and secure global computing infrastructure
- Disaster recovery
- Rapid development and automating of business processes
- Faster time to market
- Increased scalability
- Reduced cost of ownership
- Reduced management overhead
- Accelerates innovation
- Agile development and Test Driven Development
- Expert cloud service design and environment commissioning team
- Fully managed environment
- ISO 27001 Datacentres
£00.122 per instance per hour
0131 561 1250
|System requirements||All system requirements are supported|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
A Support Desk offering:
Direct telephone line
Online logging of issues with tracking using Assembla
Enhanced support (e.g. outside of office hours, around key events etc) is optionally available
Help Desk available 8am-6pm Mon-Fri (ex Bank holidays)
24x7 Help Desk also available (additional charge)
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||WCAG 2.0 A|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Help Desk Services encompass: Telephone support Email support Online logging of issues with tracking Enhanced support (e.g. outside of office hours, around key events etc) is optionally available.
We offer the following response and resolution times:
Priority 1: Emergency: Complete loss of an entire service for all users or severe degradation resulting in inability to function
(response less than 30 mins, resolve within 1 hour).
Priority 2: Urgent: Site functioning improperly resulting in some loss of service/system failure removing service from a number of users (response less than 1 hour resolve within 2 hours)
Priority 3: Non-Critical: Site functioning at less than optimal performance/system problem impacting but not removing service, resolve minor bugs/site errors (response less than 4 hours resolve within 2 days) Change Requests: (response less than 4 hours resolve within 2 days).
Charges. Support services are tailored to each customer and as such charges reflect the level of service required to support the application. For guidance an average charge of £70 per hour charged.
Storm will provide Technical Account Manager.
Monitoring system and alerts will be implemented with regular reports on service performance.
|Support available to third parties||Yes|
Onboarding and offboarding
|Getting started||Storm Web Operations team will provide the appropriate documentation and knowledge to allow training on use of the Azure management portal that is used as part of this service.|
|End-of-contract data extraction||Providers will retain the data of the user after termination of the contract. for a period of 30 days. During this period users will still be able to access the service and retrieve the data.|
After you cancel the subscription, your access to Azure services and resources will end.
Before you cancel your subscription:
- We will back up your data. For example, if you're storing data in Azure storage or SQL, download a copy. If you have a virtual machine, save an image of it locally.
- Shut down your services and stop any running virtual machines, applications, or other services.
- Work with you to migrating your data.
Using the service
|Web browser interface||No|
|Command line interface||No|
|Independence of resources||Virtualisation is used to ensure applications and users sharing the same infrastructure are kept apart.|
|Infrastructure or application metrics||Yes|
|Reporting types||Regular reports|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least every 6 months|
|Penetration testing approach||‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||Explicit overwriting of storage before reallocation|
|Equipment disposal approach||A third-party destruction service|
Backup and recovery
|Backup and recovery||Yes|
|What’s backed up||
|Backup controls||Back ups are managed by the Storm Web Opps Team who will work with customers|
|Datacentre setup||Multiple datacentres with disaster recovery|
|Scheduling backups||Supplier controls the whole backup schedule|
|Backup recovery||Users contact the support team|
|Data protection between buyer and supplier networks||
|Data protection within supplier network||
Availability and resilience
Azure App Service – We guarantee that Apps running in a customer subscription will be available 99.95% of the time SQL Azure Database – We guarantee at least 99.99% of the time customers will have connectivity between Microsoft Azure SQL Database and the Internet gateway.
Storm ID standard working hours / days are 09:00 to 17:30 Monday to Friday, excluding public & regional holidays. We perform the following target response and resolution times for support requests within supported hours.
We acknowledge that if the service levels fall below the quality we commit to then penalties will be incurred to compensate clients and drive service improvement. Penalties will typically involve an increasing scale of penalties resulting in an allocation free service credits to a client’s support account.
|Approach to resilience||Available on request.|
|Outage reporting||Email alerts|
Identity and authentication
|User authentication||Limited access network (for example PSN)|
|Access restrictions in management interfaces and support channels||Available on request|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||Limited access network (for example PSN)|
|Devices users manage the service through||Dedicated device over multiple services or networks|
Audit information for users
|Access to user activity audit information||Users receive audit information on a regular basis|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||No|
|Security governance approach||Storm are working towards ISO/IEC 27001:2013 (ISO 27001) which is the international standard that describes best practice for an information security management system (ISMS).|
|Information security policies and processes||
It is the policy of Storm ID to ensure that Information will be protected from a loss of:
Confidentiality: so that information is accessible only to authorised individuals.
Integrity: safeguarding the accuracy and completeness of information and processing methods.
Availability: that authorised users have access to relevant information when required.
The Operations Director and their team review and make recommendations on the security policy, policy standards, directives, procedures, incident management and security awareness education.
Regulatory, legislative and contractual requirements are incorporated into the Information Security Policy, processes and procedures.
The requirements of the Information Security Policy, processes, and procedures are be incorporated into the Storm’s operational procedures and contractual arrangements.
Storm ID is working towards implementing the ISO27000 standards, the International Standards for Information Security.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||Configuration and change management processes are handled by Assembla Helpdesk Tickets in the first instance, and accompanied by GIT commit documentation in code, prior to deployment.|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||Vulnerability management is handled by the Microsoft, who host the PaaS service. Internal vulnerability management is handled by our WSUS management and security bulletin subscriptions, which notify us of new threats. Where necessary, manual patches are deployed.|
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||We use 3rd party 'always-on' site monitoring services to detect any potential issues with service. We use site/server logging features, enabled in the Azure service portal, to subsequently search for any malicious activity on the site. We respond within 1hr to urgent issues.|
|Incident management type||Supplier-defined controls|
|Incident management approach||
Storm has a pre-defined process for managing common incident events.
All suspected security events are reported to the IT Director be email, telephone or in person.
The IT Director will log the incident and notify the service owner and Storm support team.
The IT Director will provide incident reports in line with incident communication strategy.
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Separation between users
|Virtualisation technology used to keep applications and users sharing the same infrastructure apart||No|
|Price||£00.122 per instance per hour|
|Discount for educational organisations||No|
|Free trial available||No|
|Pricing document||View uploaded document|
|Skills Framework for the Information Age rate card||View uploaded document|
|Terms and conditions document||View uploaded document|