Content Guru Ltd (Redwood Technologies)

storm® RECORDER™

storm® RECORDER™ provides a platform for converged recording of multi-channel of communications. Covering fixed line and mobile voice, SMS and on-screen interactions, RECORDER ensures there are no loopholes in compliance and quality control frameworks. The data produced can either be stored in the cloud or on a user’s own system.


  • Fixed line & mobile voice recording
  • SMS capture and screen capture
  • Powerful tools for converged management of recordings
  • Effectively unlimited storage capacity available in the cloud
  • On-demand lets you switch recording on and off at will
  • Open architecture enables layering-in of recording capability over existing systems
  • Real-time and historical reporting shows data collated across all channels


  • Monitor quality in every aspect of contact centre activities
  • Record across all channels
  • RECORDER makes compliance easy
  • No need to replace existing systems
  • Access and manage recordings from different locations
  • Create truly consistent quality of service


£10 to £15 per unit

  • Free trial available

Service documents

G-Cloud 9


Content Guru Ltd (Redwood Technologies)

Sue Radley

+44 (0) 1344852350

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints Storm support extends to the entire customer experience across all services, including hardware, connectivity and applications. If storm services are purchased through a partner, then front-line support may be provided by the partner and additional support provided by Content Guru. storm is multi-sited across resilient data centres, and all hardware is modular and resilient at every level, meaning that upgrades can take place with no disruption to service. Upgrade notifications are issued regardless.
System requirements Minimum operating system specification

User support

User support
Email or online ticketing support Email or online ticketing
Support response times As set out in the standard service level agreement.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Via weblink on contact page of company website.
Web chat accessibility testing None.
Onsite support Yes, at extra cost
Support levels Standard and bespoke support levels are available (for instance, 9-5 Mon-Fri, 7-7 Mon-Sun, 24/7/365). Costs are agrees as part of the overall services package. Technical support is provided by the dedicated, UK-based NOC.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started New users are provided with dedicated training by specialised platform experts. This can be delivered either face-to-face or online. Face-to-face training sessions are delivered either on customer premises or at the Content Guru headquarters in Bracknell. Online training sessions are delivered via live instructor-led webinars.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction There are several different options available to customers for extracting data at the end of the contract. Most customers will regularly extract data using storm's inbuilt reporting management tool, VIEW (into formats such as CSV, XLS and PDF). However, all data can be manually extracted by storm's engineering team and delivered to the customer at the end of the contract, if this is required.
End-of-contract process This varies based on the contract. Services can be decommissioned as part of the agreement, and there may be additional costs involved in decommissioning or transferring to other systems subject to the pre-agreed exit provisions.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service None.
Accessibility standards None or don’t know
Description of accessibility The services are available through standard telephone connections. Management GUI's are accessible through standard browser interfaces.
Accessibility testing None.
What users can and can't do using the API Bespoke and off-the-shelf API's are available, subject to agreed specification.
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Features and functionality can be fully customised, either by using the FLOW tool to amend service flows (by the user), or by bespoke development (by the supplier).


Independence of resources "As Europe’s largest cloud-based Communications Integration platform, storm provides users with access to massive capacity. The platform can be scaled to accommodate services for any size of business. With sufficient capacity to accommodate in excess of 150,000 additional users, live storm services can be instantly scaled up when required without impacting service for other users.
storm provides user organisations with access to an effectively unlimited number of ports in the cloud, with the platform able to accommodate tens of thousands of simultaneous calls across TDM and VoIP, with a voice capacity in excess of 60 million minutes per day."


Service usage metrics Yes
Metrics types Fully flexible and customisable real-time and historical reporting across multiple channels, with real-time notification alerts on service performance, trend analytics and service levels.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Users can export all data via the VIEW reporting dashboard. VIEW has the facility for manual exports or for regular exports via FTP or email, and can be used to extract multiple different areas of data based on customisable criteria such as time periods.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability As set out in the standard service level agreement.
Approach to resilience The storm platform is maintained across multiple secure data centre sites in every territory where it is deployed to provided optimum availability and resilience. To this end, it is of paramount importance that all data centre sites and the data stored therein is synchronized. All constituent data centres supporting the platform are connected by resilient 1GB links, which are continuously subject to monitoring. All data centres and servers are kept in active-active configuration, with the resilient connections between them enabling the ongoing synchronization of all services and data.
Outage reporting The support team provides email alerts.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication 2-factor authentication
Access restrictions in management interfaces and support channels Each organisation’s storm solution requires the purchase of one or two administrator licences. Administrators require these separate licences to access admin privileges. As with all users, these require RSA-secured login. Administrator seats are assigned to named users, meaning these seats cannot be transferred to or used by another person. Supervisors can be given restricted access to above-standard features, and this is fully-configurable by administrators.
Access restriction testing frequency At least once a year
Management access authentication 2-factor authentication

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Lloyds Register Quality Assurance
ISO/IEC 27001 accreditation date 14/10/2015
What the ISO/IEC 27001 doesn’t cover Processes outside of those certified. Certificate states that the approved Information Security Management System is applicable to: the information security management system supporting cloud computing services through Content Guru and the design, development installation and maintenance of telecommunication systems, including hardware and software for Value Added Network Services, soft switching and computer technology solutions in accordance with the Statement of Applicability version 2.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification NCC Services Ltd (NCC Group)
PCI DSS accreditation date 25/01/2017
What the PCI DSS doesn’t cover All processes outside of those certified. Certification was for compliance with the Payment Card Industry Data Security Standard (PCI DSS) Version 3.2.
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards PCI DSS Level One. Currently undergoing Cyber Essentials Scheme (CES) certification.
Information security policies and processes Adheres to ISO 27001. All data centres are accredited to IL-3 standard. The building is protected by physical security barriers and card access points, visitors are logged. User logins are RSA-authenticated, requiring PINs (minimum 4 digits) followed by an RSA SecurID that refreshes every 60 seconds. VPN access is restricted to the necessary employees. All successful or failed accesses to certain areas, such as audit trails or cardholder data, is logged. System logs are reviewed several times daily by engineers. Errors or exceptions are logged in an xcl file. Items are assigned owners according to expertise, and investigated. This file is reviewed by an Engineering Manager, ensuring all investigated items are progressed or closed. Access to the raw data is restricted to the Engineering Manager, ensuring a copy of the audit cannot have been tampered with. All servers within the CDE are time-synchronised to ensure consistency, and synchronised every 15 mins. A security manager ensures policies are adhered to and is the point of contact for all security incidents. All employees are given security policy with compulsory security training. Heads of departments attend ISMS reviews. Security incidents are recorded in the Security Audit Report maintained by the Security Manager.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Requests for hardware and software changes are in the first instance submitted to the Change Control team to audit. The test platform ‘Ministorm’ has fixed managers who assess change requests. Application engineers ensure all changes conform to release notes. All work is undertaken on Ministorm primarily, and must be tested and signed-off by a senior engineer and the Change Control team. Affected clients are notified in advance. Any issues encountered are logged in the ECO database, using JIRA and GIT. Those that could affect security are flagged when the change request is first submitted and special documentation is needed.
Vulnerability management type Supplier-defined controls
Vulnerability management approach The vendors employ an approved third party scanning vendor to perform internal and external vulnerability scanning. Based on the information provided on a regular basis by the third party, the vendor's security team review and action the necessary patching. All patches are tested in the lab environment prior to live roll-out. Frequency of deployments are based on criticality of patches and schedule of planned work.
Protective monitoring type Supplier-defined controls
Protective monitoring approach The platform is monitored continuously day and night, on a 24/7 basis. the processes include interrogation of data logs and real-time alerts based on system performance. Potential compromises are actioned immediately by the support team, using established processes.
Incident management type Supplier-defined controls
Incident management approach The vendor has standard documented procedures for incident management. User reports incidents to the Engineering Services team as part of the standard ticketing procedure.Incident reports are issued as the the agreed SLA's.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks New NHS Network (N3)


Price £10 to £15 per unit
Discount for educational organisations No
Free trial available Yes
Description of free trial Base trial version available subject to contract.


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Terms and conditions document View uploaded document
Return to top ↑