Storm ID

Diabetes Prevention Service

The Diabetes Prevention Service allows patients who are prediabetic to securely share activity, sleep and nutrition data, gathered from apps and wearables. Insight gleaned from the data can be used by health professionals to support patients in preventing prediabetes developing in to Type 2 diabetes.


  • Remote monitoring of health data for prediabetes
  • Structured data questionnaires
  • Two way messaging and connected social care plan
  • Data visualisation of data outputs from connected hardware and wearables
  • Standard APIs, identity, access and consent management services
  • Secure encryption of data in transit and at rest
  • Open standards for identity, powerful API and granular permissions
  • Distributed health data management model


  • Resilient, scalable and cost effective fully managed hosting service
  • Algorithm guided to improve decision making by health professionals
  • Improve community interventions and reduce hospital admissions
  • Improve quality and flexibility of healthcare delivery
  • Increase control and ownership of health data
  • Scale your service through improved access to users
  • GDPR compliant consent model built-in
  • Data API supports HL7v3


£50 to £250 per user per year

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 10


Storm ID

Paul McGinness

0131 561 1250

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints No constraints
System requirements All system requirements are supported

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Response Times: Emergency: loss of service less than 30mins. Urgent: Partial service loss or failure less than 1hr. Non Critical: sub optimal performance less than 2hrs. Change. Request: less than 4hrs. Support desk available Monday to Friday 9am - 5.30am Support Desk Sevice: Direct telephone line, Email support, Online logging of issues with tracking. Enhanced support (e.g. outside of office hours, around key events etc) is optionally available. Help Desk available 8am-6pm Mon-Fri (ex Bank holidays). 24x7 Help Desk also available (additional charge).
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 A
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Storm Help Desk Services encompass: Telephone support Email support Online logging of issues with tracking Enhanced support (e.g. outside of office hours, around key events etc) is optionally available.
We offer the following response and resolution times:
Priority 1: Emergency: Complete loss of an entire service for all users or severe degradation resulting in inability to function
(response less than 30 mins, resolve within 1 hour).
Priority 2: Urgent: Site functioning improperly resulting in some loss of service/system failure removing service from a number of users (response less than 1 hour resolve within 2 hours)
Priority 3: Non-Critical: Site functioning at less than optimal performance/system problem impacting but not removing service, resolve minor bugs/site errors (response less than 4 hours resolve within 2 days) Change Requests: (response less than 4 hours resolve within 2 days).
Charges. Support services are tailored to each customer and as such charges reflect the level of service required to support the application. For guidance an average charge of £70 per hour charged.
Storm will provide Technical Account Manager.
Monitoring system and alerts will be implemented with regular reports on service performance.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started To support customers use the service we offer a tailored training programme which can be delivered onsite or here at Storm.

Training documentation is provided and is often tailored to reflect the customers unique set-up.

A telephone support service is available free of charge to those who have attended to training.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Data is extracted by logging a support request via Storm's support ticketing website service Assembla or by making request to extract through their Account Manager.
End-of-contract process Included within the price of the contact will be the decommissioning of all services and the supply of the application source code.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The admin functionality is optimised for desktop and tablet while the user interface for citizen access will be accessible on all devices.
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing Throughout our design and development lifecycle, websites and web applications are subject to both cursory automated accessibility reviews as well as more detailed, in-depth manual, expert reviews. All interfaces have been tested using assistive technologies including : screen readers, keyboard navigation, screen magnifiers and any that relate to the semantic structure of the markup languages that have been used. Extensions such as WAI-ARIA are used properly to provide additional levels of alerting users whenever dynamic interface refreshing takes place. There are no cognitive or perceptive barriers to the understanding of content and functionality (i.e. no interaction patters that would alienate audiences relying on assistive technologies or those who need more time to process information).
What users can and can't do using the API Users can make full use of REST API's in Storm hosted Umbraco service.

Customers can create there own API's REST APIs for Umbraco by utilizing ASP.Net's WebApi in conjunction with Umbraco's UmbracoApiController's.

Alternatively customers can use an existing REST API service which will support working with content, media, members & relations.

Set-up and access to the API's can be arranged by the Storm Service Manager.
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Almost any element of the service can be customised to meet specific customer needs. Customisation is available to support the need to scale, to support specific security standards, monitoring and reporting or to provide extended help desk cover.

The Storm Service Account Manager can action any customisations to the service that is required.


Independence of resources Virtualisation technology is used to ensure applications and users sharing the same infrastructure are kept apart.


Service usage metrics Yes
Metrics types Using tools such as web analytics and other data sources Storm ID’s Performance team monitors and measures service performance to recommend where improvements to the service can be made.

These recommendations are reviewed with our clients to determine options for continued improvement.
Reporting types Regular reports


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Data is exported from the application on request via the Storm Service Manager.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability Storm guarantee that our hosted Umbraco service will be available 99.95% of the time. We guarantee at least 99.99% of the time customers will have connectivity between Microsoft Azure SQL Database and the Internet gateway.

We acknowledge that if the service levels fall below the quality we commit to then penalties will be incurred to compensate clients and drive service improvement.

Financial penalties and service credits and their calculation will be agreed as part of the call-off agreement with the specific customer together with the terms and conditions and KPIs for the service.
Approach to resilience Available on request.
Outage reporting Email alerts

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Limited access network (for example PSN)
Access restrictions in management interfaces and support channels Available on request
Access restriction testing frequency At least every 6 months
Management access authentication Limited access network (for example PSN)

Audit information for users

Audit information for users
Access to user activity audit information Users receive audit information on a regular basis
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Storm are working towards ISO/IEC 27001:2013 (ISO 27001) which is the international standard that describes best practice for an information security management system (ISMS).
Information security policies and processes It is the policy of Storm ID to ensure that Information will be protected from a loss of:
Confidentiality: so that information is accessible only to authorised individuals.
Integrity: safeguarding the accuracy and completeness of information and processing methods.
Availability: that authorised users have access to relevant information when required.

The Operations Director and their team review and make recommendations on the security policy, policy standards, directives, procedures, incident management and security awareness education.

Regulatory, legislative and contractual requirements are incorporated into the Information Security Policy, processes and procedures.
The requirements of the Information Security Policy, processes, and procedures are be incorporated into the Storm’s operational procedures and contractual arrangements.

Storm ID is working towards implementing the ISO27000 standards, the International Standards for Information Security.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Change management processes are employed to evaluate, control and minimise risks and costs, and to maintain the standards and quality criteria planned during project delivery

Extensive documentation of the service is maintained to ensure knowledge sharing and continuity of service into Production.

Storm ID employs a self-documenting approach to writing code and supplements this, where appropriate, with technical and user guides.

We do this in order to ensure that skills and knowledge are transferred to Storm ID’s operations and support staff to enable them to efficiently deliver ongoing support and maintenance services, in accordance with agreed SLAs.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Vulnerability management is handled by the Microsoft, who host the (SaaS): Umbraco service. Internal vulnerability management is handled by our WSUS management and security bulletin subscriptions, which notify us of new threats. Where necessary, manual patches are deployed.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We use 3rd party 'always-on' site monitoring services to detect any potential issues with service. We use site/server logging features, enabled in the Azure service portal, to subsequently search for any malicious activity on the site. We respond within 1hr to urgent issues .
Incident management type Supplier-defined controls
Incident management approach Storm has a pre-defined process for managing common incident events.

All suspected security events are reported to the IT Director be email, telephone or in person.

The IT Director will log the incident and notify the service owner and Storm support team.

The IT Director will provide incident reports in line with incident communication strategy.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £50 to £250 per user per year
Discount for educational organisations Yes
Free trial available Yes
Description of free trial A free trial service is available for a period of three months to evaluate the service. Up to ten user accounts are available to support the free trial evaluation.


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Terms and conditions document View uploaded document
Return to top ↑