G-Cloud 11 services are suspended on Digital Marketplace

If you have an ongoing procurement on G-Cloud 11, you must complete it by 18 December 2020. Existing contracts with Redwood Technologies Ltd are still valid.
Redwood Technologies Ltd

storm® CONTACT™

storm® CONTACT™ is a multi-channel CCaaS (Contact Centre as a Service) solution for inbound and outbound interactions, delivering iACD® (intelligent Automated Contact Distribution) for any size of organisation. This connects people and devices to the best automated or live resources, however, wherever, whenever and in whatever quantity they interact.

Features

  • Multi-channel intelligent Automated Contact Distribution (iACD)
  • 100% browser-based interfaces for billing, agents, supervisors and administrators
  • Integrated IVR and ASR: automation with onward routing to agents
  • Blended inbound and outbound environment
  • Integration with any system, database or resource e.g. CRM
  • Virtually unlimited scalability
  • Intuitive management interfaces
  • Blended queuing of SMS, social media, voice, web, IM, email
  • Mediated Interaction Matching for skills & personality-based routing
  • All interactions recorded

Benefits

  • Process multi-channel contacts in a single interface
  • Connect customers to the best available information or agent
  • Maximise the value of your skilled agents
  • Optimise contact centre performance through reporting and management interface
  • Extend value of existing systems through integration
  • Handle any volume of simultaneous demand
  • Deliver enhanced customer engagement
  • Enable multi-channel customer journey
  • Automate interactions and provide agent hints for improved customer service

Pricing

£23.43 to £118.13 a user a month

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@redwoodtech.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 11

Service ID

9 2 6 0 0 4 3 1 4 2 0 0 2 3 9

Contact

Redwood Technologies Ltd James Horsley
Telephone: +44 (0) 1344852350
Email: gcloud@redwoodtech.com

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints
Storm support extends to the entire customer experience across all services, including hardware, connectivity and applications. If storm services are purchased through a partner, then front-line support may be provided by the partner and additional support provided by Content Guru. storm is multi-sited across resilient data centres, and all hardware is modular and resilient at every level, meaning that upgrades can take place with no disruption to service. Upgrade notifications are issued regardless.
System requirements
Minimum operating system specification.

User support

Email or online ticketing support
Email or online ticketing
Support response times
Tickets are categorised according to their impact (P1-P4) as defined in standard service level agreement please see terms and conditions standard response times are as follows. P1 : within 15 minutes P2 : within 30 Minutes P3 : within 1 working day P4 : within 1 working day
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Standard and bespoke support levels are available (for instance, 9-5 Mon-Fri, 7-7 Mon-Sun, 24/7/365).
Costs are agreed as part of the overall services package.
Technical support is provided by the dedicated, UK-based NOC.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
New users are provided with dedicated training by specialised platform experts. This can be delivered either face-to-face or online. Face-to-face training sessions are delivered either on customer premises or at the Redwood Technologies headquarters in Bracknell. Online training sessions are delivered via live instructor-led webinars.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
There are several different options available to customers for extracting data at the end of the contract. Most customers will regularly extract data using storm's inbuilt reporting management tool, VIEW (into formats such as CSV, XLS and PDF). However, all data can be manually extracted by storm's engineering team and delivered to the customer at the end of the contract, if this is required.
End-of-contract process
This varies based on the contract. Services can be decommissioned as part of the agreement, and there may be additional costs involved in decommissioning or transferring to other systems subject to the pre-agreed exit provisions.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
None.
Service interface
Yes
Description of service interface
CONTACT comprises a number of applications that work together to deliver your contact centre. Each application is accessed from a web browser. Configuration methods include check boxes, option buttons, selection boxes, and fields that can be typed into. DATA MANAGEMENT tables are created by adding columns to a table and then importing the data from a csv file. FLOW is used to create customer services such as IVRs, prompt recording, and speech capture, by dragging action cells onto a page and connecting them together. All channels (voice, SMS, email, web chat, twitter, and Facebook) are replied to from the DTA.
Accessibility standards
None or don’t know
Description of accessibility
High contrast settings are available and users can change font sizes and color
Accessibility testing
No official and documented testing as been conducted at this point in time.
API
Yes
What users can and can't do using the API
Bespoke and off-the-shelf APIs are available, subject to agreed specification.
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Features and functionality can be fully customised, either by using the FLOW tool to amend service flows (by the user), or by bespoke development (by the supplier).

Scaling

Independence of resources
As Europe’s largest cloud-based Communications Integration platform, storm provides users with access to massive capacity. The platform can be scaled to accommodate services for any size of business. With sufficient capacity to accommodate in excess of 150,000 additional users, live storm services can be instantly scaled up when required without impacting service for other users.
storm provides user organisations with access to an effectively unlimited number of ports in the cloud, with the platform able to accommodate tens of thousands of simultaneous calls across TDM and VoIP, with a voice capacity in excess of 60 million minutes per day.

Analytics

Service usage metrics
Yes
Metrics types
Fully flexible and customisable real-time and historical reporting across multiple channels, with real-time notification alerts on service performance, trend analysis and service levels.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Users can export all data via the VIEW reporting dashboard. VIEW has the facility for manual exports or for regular exports via FTP or email, and can be used to extract multiple different areas of data based on customisable criteria such as time periods.
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
As set out in the standard Service Level Agreement.
Approach to resilience
The storm platform is maintained across multiple secure data centre sites in every territory where it is deployed to provided optimum availability and resilience. To this end, it is of paramount importance that all data centre sites and the data stored therein is synchronized. All constituent data centres supporting the platform are connected by resilient 1GB links, which are continuously subject to monitoring. All data centres and servers are kept in active-active configuration, with the resilient connections between them enabling the ongoing synchronization of all services and data.
Outage reporting
The Support Team provides email alerts.

Identity and authentication

User authentication needed
Yes
User authentication
2-factor authentication
Access restrictions in management interfaces and support channels
Each organisation’s storm solution requires the purchase of one or two administrator licences. Administrators require these separate licences to access admin privileges. As with all users, these require RSA-secured login. Administrator seats are assigned to named users. Supervisors can be given restricted access to above-standard features, and this is fully-configurable by administrators.
Access restriction testing frequency
At least once a year
Management access authentication
2-factor authentication

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Lloyds Register Quality Assurance
ISO/IEC 27001 accreditation date
03/10/2018
What the ISO/IEC 27001 doesn’t cover
Processes outside of those certified. Certificate states that the approved Information Security Management System is applicable to: the information security management system supporting cloud computing services through Content Guru and the design, development, installation and maintenance of telecommunication systems, including hardware and software for Value Added Network Services, soft switching and computer technology solutions in accordance with Statement of Applicability version 2.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
NCC Services Ltd (NCC Group)
PCI DSS accreditation date
30/01/2018
What the PCI DSS doesn’t cover
All processes outside of those certified. Certification was for compliance with the Payment Card Industry Data Security Standard (PCI DSS) Version 3.2.
Other security certifications
Yes
Any other security certifications
Cyber Security Essentials

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Cyber Essentials Scheme (CES) certification
+PCI-DSS Level 1
Information security policies and processes
Adheres to ISO 27001. All data centres are accredited to IL-3 standard. The building is protected by physical security barriers and card access points, visitors are logged. User logins are RSA-authenticated, requiring PINs (minimum 4 digits) followed by an RSA SecurID that refreshes every 60 seconds. VPN access is restricted to the necessary employees. All successful or failed accesses to certain areas, such as audit trails or cardholder data, are logged. System logs are reviewed several times daily by engineers. Errors or exceptions are logged in an xcl file. Items are assigned owners according to expertise, and investigated. This file is reviewed by an Engineering Manager, ensuring all investigated items are progressed or closed. Access to the raw data is restricted to the Engineering Manager, ensuring a copy of the audit cannot have been tampered with. All servers within the CDE are time-synchronised to ensure consistency, and synchronised every 15 mins. A security manager ensures policies are adhered to and is the point of contact for all security incidents. All employees are given security policy with compulsory security training. Heads of departments attend ISMS reviews. Security incidents are recorded in the Security Audit Report maintained by the Security Manager.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Requests for hardware and software changes are in the first instance submitted to the Change Control team to audit. The test platform ‘Ministorm’ has fixed managers who assess change requests. Application engineers ensure all changes conform to release notes. All work is undertaken on Ministorm primarily, and must be tested and signed-off by a senior engineer and the Change Control team. Affected clients are notified in advance. Any issues encountered are logged in the ECO database, using JIRA and GIT. Those that could affect security are flagged when the change request is first submitted and special documentation is needed.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
The vendor employs an approved third party scanning vendor to perform internal and external vulnerability scanning. Based on the information provided on a regular basis by the third party, the vendor's security team review and action the necessary patching. All patches are tested in the lab environment prior to live roll-out. Frequency of deployments are based on criticality of patches and schedule of planned work.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
The platform is monitored continuously day and night, on a 24/7 basis. The processes include interrogation of data logs and real-time alerts based on system performance. Potential compromises are actioned immediately by the support team, using established processes.
Incident management type
Supplier-defined controls
Incident management approach
The vendor has standard documented procedures for incident management. User reports incidents to the Engineering Services team as part of the standard ticketing procedure. Incident reports are issued as per the agreed SLAs.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
Yes
Connected networks
  • NHS Network (N3)
  • Health and Social Care Network (HSCN)

Pricing

Price
£23.43 to £118.13 a user a month
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
Base trial version available subject to contract.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@redwoodtech.com. Tell them what format you need. It will help if you say what assistive technology you use.