Storm Web Design Ltd


Joomla Web Site Development and Design. We are experts in designing and developing websites using the Joomla Content Management System. Joomla has now been used in websites for over 10 years, and in that time has risen to be one of the most popular content management systems around.


  • Open Source
  • Mobile Friendly
  • User friendliness
  • Online Safety
  • Flexibility
  • Easy to understand
  • Robust
  • Versatile


  • Easily manage content in any web browser
  • Joomla is fully customisable
  • Thousands of Open Source extensions are available
  • No technical skill is needed when adding content
  • One of the most popular content management systems available


£520 per unit per day

  • Education pricing available


G-Cloud 11


Storm Web Design Ltd

Russell English


Service scope

Software add-on or extension No
Cloud deployment model Community cloud
Service constraints None
System requirements
  • PHP 7.1+ (Recommended), 5.3.10 (Minimum)
  • Supported Database: MySQL 5.5.3+ (Recommended), 5.1 (Minimum)
  • Supported Database: SQL Server 10.50.1600.1+ (Minimum)
  • Supported Database: PostgreSQL 9.1+ (Recommended), 8.3.18 (Minimum)
  • Supported Web Server: Apache 2.4+ (Recommended), 2.0 (Minimum)
  • Supported Web Server: Nginx 1.8+ (Recommended), 1.0 (Minimum)
  • Supported Web Server: Microsoft IIS 7 (Recommended), 7 (Minimum)

User support

Email or online ticketing support Email or online ticketing
Support response times Monday to Friday tickets/tasks are replied to within minutes

Weekend cover (if required), tickets/tasks are responded to within an hour.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels We have the following Service Level Agreements as part of our Retainer Services:

Priority 1 - This is for any outages and will be investigated within 1 hour.
Priority 2 - Will be investigated within 4 hours.
Priority 3 - Will be investigated within 12 hours (or longer if received on a Friday).
Priority 4 - Standard Change Request.

We provide retainer support to clients, based on a minimum of 12 months. On retainer support, our day rate is reduced to £400.00 + VAT based on a 12 months minimum support contract.

Our Ad-Hoc (Time & Materials) support is charged at £65.00 + VAT per hour. There isn't an SLA in place, but we will schedule work to take place within 5 days of receiving the request (Priority 4 shown above).
Support available to third parties Yes

Onboarding and offboarding

Getting started We provide a combination of training and user documentation, which caters for both novice and experienced users. Firstly, we will collaborate with you to discuss the likely user tasks and establish both short and long-term aims of the training/documentation. We will then agree the most suitable training method(s), which typically include Group Sessions, Train the Trainer, and working with a dedicated training system. User Documentation will be clear and concise, to complement the training session(s) and minimise your reliance on external support.
Service documentation Yes
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction The end client owns all Intellectual Property and data associated with and stored on the website and therefore there is no requirement for data extraction.
End-of-contract process At the end of the contract, the client will approve all of our work with a simple sign-off. As the client maintains all IP for our services, they will then have full capability to maintain the service.

Using the service

Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service We work to a mobile-first philosophy. Mobile usage has increased over the past few years, and this is only set to continue and eventually overtake desktop use. By working mobile first, we ensure that the user experience (UX) on a website is improved through fast load times, easy-to-use navigation and an intuitive mobile user interface (UI).
Customisation available No


Independence of resources Each Joomla website is installed independently of the others, in an environment either hosted by the client or hosted on 3rd party web servers; therefore each Joomla installation is completely independent.


Service usage metrics Yes
Metrics types We provide analytics via the use of 3rd party services such as Google Analytics and Google Tag Manager
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data export approach Users can either export directly from within the database administration screen (phpMyAdmin), or data can be exported via a backup of the website directly from the Joomla administration interface.
Data export formats
  • CSV
  • ODF
Data import formats
  • CSV
  • ODF

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability We guarantee 99.9% availability. In the extremely rare event that this is not the case, we will treat this as a Critical Issue and will work continuously on the problem until it is resolved. User refunds will be agreed prior to our engagement, and will reflect the significance of the issue and time exposure.
Approach to resilience This information is available on request
Outage reporting We set up instant notifications, which tell us if there is a service outage. We then contact our Client directly, to inform them of this issue. This is then managed by a dedicated support team.

Identity and authentication

User authentication needed No
Access restrictions in management interfaces and support channels We use IP restrictions, on top of authentication, for any content management changes.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information You control when users can access audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information You control when users can access audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards Other
Other security governance standards Cyber Essentials
Information security policies and processes Reporting comprises automated notifications to Storm for any incident which suffers an outage or requires administrative access. A breach in security would be reported to senior staff. All incidents and breaches in security will be immediately reported to the client, via our dedicated account manager.

Operational security

Configuration and change management standard Supplier-defined controls
Configuration and change management approach We operate a change request process, which ensures both the requester and approver focus on five key points: has the change been tested, is there a rollback plan, which resources are required, what risks are involved, and have relevant parties been informed. We approve change requests through relevant management representatives, as well as client contacts, where appropriate. We also record change requests against the appropriate project, and update related version documentation accordingly.
Vulnerability management type Undisclosed
Vulnerability management approach We assess potential threats to our service through continuous monitoring and by receiving instant notifications for required patches. Notifications come immediately from trusted vendors only. Once we receive a notification, we will begin the process of deploying a patch as soon as possible. This will often require testing from the outset, to ensure that no levels of customisation are broken. All patches are communicated to the Client, from first notification, straight through to deployment.
Protective monitoring type Undisclosed
Protective monitoring approach We perform a comprehensive range of testing methods on all of our development work, prior to deployment. This is conducted by our in-house Quality Assurance specialist, and serves to immediately detect compromises and vulnerabilities. Once identified, we may conduct additional testing after deployment, to specifically ascertain if the issue applies to our work. If it does, we will take action to patch this as soon as possible. If it doesn’t, we will assess the severity and choose an appropriate action, after discussion with the client. We respond to all incidents within client-approved service levels.
Incident management type Undisclosed
Incident management approach Incidents are reported to line management via our task management system as per our Integrated Management System processes, as well as by email and/or in person. Reporting would carry on up to CEO/Managing Director level where deemed appropriate. Account managers will inform affected clients where applicable through similar means – email, phone call and/or in person.

Secure development

Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks No


Price £520 per unit per day
Discount for educational organisations Yes
Free trial available No

Service documents

  • Pricing document (PDF)
  • Service definition document (PDF)
  • Terms and conditions (PDF)