Which processes are best to start with to get quick impact?

Start with 2–3 of the most frequent and stable processes where rules rarely change: leave requests, certificates, and personal data changes. These show immediate value by removing emails, chats and manual clarifications, and then it’s easier to expand the scope.

Why do data often diverge between Excel, email and accounting systems?

This usually happens when there is no single source of truth for master data and people enter the same fields in different places. Fix where the employee card and org structure live, forbid manual edits of key fields outside the primary system, and set clear update rules.

Which request statuses are needed so employees understand what’s happening?

Use a minimal set of statuses with clear meaning and forbid manual transitions. For example, if a leave is only complete after the document is issued, the status must not become “completed” earlier. Otherwise transparency is lost and clarifications return by messages.

How to design approval routes so they don’t stall without HR involvement?

Base routing on the org structure and positions, not individual names, and always include substitutions for absence. Then requests go to the right responsible person automatically and HR does not become a dispatcher who must find approvers manually.

How not to overload employees with forms and still avoid dozens of clarifications from HR?

Keep one form per request type, make only the fields required that are essential to decide, and add helpful hints instead of long instructions. If HR still asks the same questions, required fields and validations are not precise enough.

Which personnel documents should be automated first?

Automate documents that employees request frequently and that can be assembled from system data: applications, orders for typical events, employment certificates and income confirmations. Decide in advance which fields always come from the employee card and org data to avoid manual edits in the text.

How to manage template and document versions to avoid 'the latest version in chat'?

Store templates as separate objects with version numbers and effective dates, and record which template version each generated document used. When a template changes, new documents use the new version while old documents remain reproducible.

How to set up access rights to protect personal data and not interfere with work?

Start from roles and the principle of least privilege, then add department and legal entity restrictions. Include auditing: who opened a profile, who changed fields, who downloaded documents. This both protects personal data and helps resolve disputes.

Which reports are needed to stop HR from building manual spreadsheets?

Build two groups of reports: about people (headcount, leave, absences, turnover) and about processes (approval time, overdue items, bottlenecks). If metrics still require exports and manual consolidation, the system lacks statuses, timestamps and data-quality rules.

What should be considered about infrastructure and support before launching HRM?

Decide infrastructure needs for peak loads and document storage, and who is responsible for support, logs and change management. If hardware or workstations must be updated in parallel, handle that as a separate track. GSE.kz supplies PCs and servers and offers system integration and 24/7 technical support, which can help avoid launch delays due to operations or hardware.

Employee Self-Service HRM: Requests, Documents, and Access

Why an employee self-service HRM and common pain points

In many companies HR spends time not on working with people but on manual bookkeeping: accepting an application, clarifying data, chasing an approver, finding the “latest version” of an order, collecting numbers for a report. When there are dozens of such tasks every day, even a strong team ends up constantly putting out fires.

An employee self-service HRM moves simple actions to where they belong: to the employee and the manager. The employee files requests themselves (leave, certificates, business trips, personal data changes), sees the status and knows what happens next. The manager approves in a single view, and HR gets involved only where expertise, checks or document issuance are needed.

Common problems are similar: data diverges across Excel, email and systems; approvals stall because there are no routes and reminders; documents live in folders and messengers without a single version; access is granted "on request" and later it’s hard to know who viewed or changed what.

Business expects three clear things: speed, control and transparency. Speed — requests should be processed in hours, not weeks. Control — rules (who approves, which documents are required, deadlines) should work without manual handling. Transparency — at any time it should be clear where something is stuck, who is responsible and which data is authoritative.

If the system is built correctly, HR stops being a “mail dispatcher” and becomes a process owner rather than a bottleneck.

Define boundaries: users, processes and data

To keep an employee self-service HRM from becoming an endless project, define boundaries up front: who uses the system, which processes are in the first release, and which data is the single source of truth.

Start with roles. Usually the scope includes employees (create requests and view their data), managers (approve), HR (manage personnel events), finance/payroll (receive data for calculations and withholdings) and security (define access rules and audit). Decide immediately which actions are available to each role and which require a request or HR intervention.

Next — processes. For the first stage, pick cases that deliver quick wins and have clear rules: certificates, leave, business trips, personal data changes, schedule approvals. Complex cases (mass transfers, multiple legal entities, nonstandard benefits, frequent manual exceptions) are better deferred until workflows are stable and data is cleaned.

Separately define master data: employee profile, org structure, units, positions, payroll IDs, managers, employment statuses. Decide where these data live — in HRM or an external system. If there are multiple sources, assign a primary source and update rules; otherwise discrepancies become the norm.

Before development, make a few decisions:

Mobile access: view only, or also submit and sign requests.
Interface languages (often at least RU/KZ) and language for document templates.
Branches and time zones: unified rules or local exceptions.
Access boundaries: by department, legal entity or project.
Security requirements: action auditing, log retention, document retention periods.

Example: if the company has branches in different cities, include local approval routes for branch managers and keep unified master data for org structure. Otherwise HR will manually reconcile reality.

Employee requests: forms, statuses and transparency

Self-service starts with something simple: an employee must be able to submit a request without emails, chats or “come to HR.” The fewer exceptions and manual clarifications, the faster the system provides value.

Start by moving the most frequent requests into the system: leave and leave changes, business trips and related documents, certificates and confirmations, personal data changes, access and account requests.

To avoid dozens of forms, follow one principle: each request has a clear title, required fields and a field for clarifications. Make required fields such that HR and approvers don’t need to ask again: period, reason, department, deputy, contact details. Attachments should be optional but include guidance when they are needed. Comments are useful, but set limits (length, hints, structure) so the request card doesn’t turn into a chat.

Transparency relies on statuses and a clear lifecycle. A minimal set is usually: created, under approval, rejected, completed. Ensure status changes follow rules, not informal agreements. For instance, a leave should not be marked “completed” until HR has generated the document and recorded the outcome.

Consider visibility. The requester sees their history and reasons for rejection. Approvers see only requests within their scope. HR and executors see what is needed to act, plus an action log: who changed fields, added files or left comments and when.

Notifications help when they don’t create noise. A good approach: send only actionable events; batch reminders into a single scheduled message; write short messages — what to do, by when and where to find it.

Example: an employee files leave and sees “under approval.” The manager receives one notification, and after a decision the employee immediately sees the result and any comment — no calls or “it got lost in HR.”

Approval routes: make them work without manual intervention

Approvals should rely on org structure, not HR memory. The system can then determine the correct approver: direct manager, higher-level manager or HR.

Based on org structure and substitutions

Build routes from position and department, not a specific person. Always include substitutions for absence. If a manager has an assigned deputy, the request should go to that deputy automatically during the absence without HR involvement.

Sequential or parallel

Choose approval type by the process logic. Sequential is suitable when one decision affects the next (e.g., the manager confirms the need, then HR checks documents). Parallel is useful to collect several independent approvals quickly (e.g., manager and security).

To prevent routes from stalling, define escalation rules in advance:

time limit for each step;
scheduled reminders;
auto-reassignment if the responsible person is absent;
escalation to the next manager;
mandatory reason for rejection.

Also separate permissions: who can approve, who can only view, who can return for revision. For example, payroll should be able to view a 2-NDFL certificate request but not change employee data.

Include an audit of actions: who made a decision, when, what changed and the request’s resulting status. This protects HR and managers in disputed situations.

Personnel documents: templates, storage and version control

Document issues usually fail not at “generate document” but at details: where fields come from, who has access, which template version is correct and how to prove a document was signed.

Start by automating the most frequently requested documents that employees can request themselves while HR handles exceptions: applications (leave, business trip, transfer), orders (leave, hire, transfer, dismissal), employment and income certificates, memos and data-processing consents, notices and amendments where needed.

Templates must pull fields from the employee profile and org structure: full name, national ID, position, department, payroll ID, manager, schedule, address, company details. Decide which fields are editable (e.g., leave period) and which are taken only from the system (e.g., position as of the document date) to avoid manual text edits.

Version control is required for templates and generated files. A simple practice: store each template as a distinct object with a version number and effective date, and record which version created each document. When a template is updated, new documents use the new version while older documents remain reproducible.

Signing can be electronic or paper, but the fact of signing must always be recorded: who signed, when, by what method, and what exactly was signed (hash or attached file). If some signatures remain on paper, add a mandatory step: upload a scan and mark receipt of the original.

Storage should look like an archive with search by metadata (type, number, date, employee, department, status). Define role- and retention-based access: employees see only their documents, managers see team documents, HR sees according to permissions and auditors can access the event log. This is crucial for organizations with strict control and reporting requirements, including state and large enterprises.

Access control: roles, departments and auditing

HRM pilot by steps

We will assemble a pilot scope and prepare rollout by departments.

Start a pilot

Access both protects personal data and reduces errors. Poorly configured rights let employees see others’ data, give managers extra information and force HR to clean up manually.

Start with roles and real actions. A basic set, refined by business rules, is usually sufficient:

Employee: view and edit only their data, submit requests, receive documents.
Manager: approve team requests, see limited information about direct reports.
HR: manage processes and directories, view personal data as needed.
HR clerk: issue orders and documents, manage statuses and personnel events.
Analyst: view reports and anonymized slices without access to individual profiles.

Apply least privilege: by default show nothing extra, even within HR. Sensitive data (salaries, bonuses, performance assessments, disciplinary notes, medical information) should be stored in separate blocks with separate rights. Mask or show ranges in the UI where exact values are unnecessary.

Separate access by department and legal entity. For example, a branch employee sees only their organization, a manager sees only their chain of subordinates, and central HR access is assigned by legal entity and region.

Auditing must be built in: who opened a profile, who downloaded a document, who changed fields and what changed. This helps resolve disputes in minutes instead of relying on memory and messages.

Reporting without manual consolidation: what to build

Reports must be automatic, otherwise Excel and email chains will reappear a week after launch. Good reporting answers two questions: what is happening with people and what is happening with processes.

Basic HR reports almost everyone needs

Start with reports HR and managers open frequently: headcount (by department, position, FTE, join and leave dates), leaves and absences (plan, actual, overlaps, balances, monthly peaks), turnover (reasons, onboarding time, team trends), business trips and remote work (who and when). If there’s a recruitment module, add vacancy reports: funnel, time-to-fill, recruiter workload.

Operational reports on requests and approvals

To keep processes running, build SLA and delay reports: where requests are stuck, how long each step takes, which approvers are bottlenecks. Useful dimensions are request type (leave, certificate, data change) and department.

Include a data-quality layer. The system should flag duplicate employees, missing required fields, org structure inconsistencies (e.g., employee without a manager) and dangling records without dates.

Decide export rules up front: who can export, in what form (anonymized or with names) and log exports. Otherwise a convenient report quickly becomes a personal data leakage risk.

Integrations: where to source data and how to keep control

An employee self-service HRM becomes manual again if it lives separately from accounting systems. So before development decide not only “what to integrate with” but also “who owns each data type.”

Common integrations prevent duplicate entry: payroll/accounting (payroll, leave accruals, business trips, certificates), AD/SSO or another directory (single sign-on, roles, locks), mail and calendar (notifications, invites, reminders), E-document or internal document flow (signatures, sending, archive), time and attendance (presence and overtime).

Plan single sign-on upfront. When account creation and deactivation are handled centrally, you avoid extra passwords and forgotten access for dismissed employees. HRM then contains only permissions logic: what actions are allowed and what data a person sees.

Org structure and time records are frequent mismatch points. If a manager changed in one system but HRM still uses the old manager, approvals stall. Use a source-of-truth rule: for example, department and manager come only from the directory/ERP and HRM forbids manual edits to those fields.

Integrations should “fail loudly and clearly.” Keep exchange logs (what was sent, what was received, what error occurred) and an assigned owner for resolution: who fixes field mapping, who clarifies data with payroll, who handles accesses. Without assigned ownership, control is lost even with well-written code.

Step-by-step development plan: from MVP to rollout

Commercial proposal for your environment

We will estimate hardware supply and implementation to meet your launch timeline.

Request a quote

If you try to build everything at once, HRM quickly becomes a never-ending project. It’s better to move in short steps: MVP, pilot and rollout.

1) Define the MVP and access rules

Start with specific cases, not a feature list. Collect 10–15 common scenarios (leave, certificate, business trip, data change) and agree which processes are in the first version.

Then define who does what in the system and align with security.

Approve the MVP process list and what remains manual.
Describe roles (employee, manager, HR, payroll) and an access matrix.
Map request statuses and approval routes for each process.
Specify exceptions: substitutions, multiple approvers, urgent cases.
Decide which notifications are needed and where they appear.

2) Documents, reports and pilot

Prepare personnel document templates and archive requirements in parallel: storage, version control, search, retention, and visibility rules. These issues often surface during pilot, so don’t postpone them.

Design the weekly reports HR will use: how many requests are in progress, where delays are, how many returns for revision and data error counts. If metrics aren’t agreed up front, you’ll need manual data collection again.

Run a pilot in one department and collect feedback for 2–4 weeks.
Fix form, access and routing bottlenecks.
Prepare short training and quick guides for employees and managers.
Roll out to other departments in waves with a clear schedule.
Establish support: who manages settings, directories and process changes.

Example scenario: leave and documents without emails and Excel

Imagine a company with three branches in different cities. Each branch has its own manager, but there’s a central HR: HR keeps records, prepares documents and monitors deadlines. In this setup an employee self-service HRM removes emails, duplication and manual reminders.

An employee opens their personal account and selects “annual leave.” The system shows available days, accounting for already approved leave and company rules. If the employee tries to take more than allowed or selects blocked dates, a hint appears before submission.

After submission the request follows the approval route. First it goes to the employee’s direct local manager. After the manager’s decision the system automatically sends the request to HR only if conditions are met (e.g., leave longer than 14 days or coinciding with reporting closure).

The request card shows statuses and deadlines:

Draft, Submitted
Under approval by manager
Under HR review
Approved or Rejected (with reason)
Documents generated, Signing completed

When approved, the system generates an application and an order from templates, inserting name, payroll ID, dates and basis. Signing status is recorded: who signed, when, and what remains pending.

HR sees overdue approvals, pending signatures and frequent rejection reasons by branch in reports. This helps remove bottlenecks without manual spreadsheets.

Common mistakes and how to avoid them

Clean up your data

We will analyze where to keep the source of truth for org structure and master data.

Get consultation

The most common failure reason is trying to automate everything at once. The project drags on and users don’t get a clear daily scenario.

Keep the MVP focus: 2–3 most demanded requests (leave, certificate, personal data change), a simple approval route and a basic status dashboard. When this works without manual control, add documents and processes.

Second common mistake is “no data owner.” The same fields (position, department, manager, FTE) are edited in multiple systems and the truth exists nowhere. Assign a source of truth for each data set and an owner: who updates org structure, who confirms personnel events, who manages directories.

Approval routes are often too complex and forget exceptions. All requests then follow one chain and stall on one approver. Start with simple rules and add clear bypass options: auto-approval for routine cases, category limits and clear return reasons.

Access errors are costly: overly broad rights and no record of who viewed what. Use role-based access by the principle of least privilege, tie access to departments and enable mandatory auditing of views, exports and edits.

Reports can lie because of poor org data: duplicated units, temporary departments, managers with no reports. Clean directories before launch and agree on one naming and coding format.

Also don’t forget substitutions during leave and sick absence. If substitutions aren’t built in, approvals will stop. Minimum set:

automatic substitution according to absence calendar;
manual replacement with start and end dates;
notification that the request went to the deputy;
HR report on stalled requests and reasons.

When these risks are addressed in advance, self-service reduces HR’s manual work instead of creating new workarounds.

Short checklist before pilot

Agree key decisions before the pilot. This saves weeks of discussions and avoids a system that “seems to work” while HR still keeps manual records.

What to agree before development

Ensure the team answers simple questions: which requests are in the MVP, who approves them, and which data is authoritative. Without this, the pilot quickly becomes a collection of exceptions.

A short approved MVP process list, understandable to employees and managers.
An agreed roles and rights matrix: who sees personal data, who signs, who edits directories; include action audit.
Unified directories prepared (employees, departments, positions) and an assigned owner for data currency.
Templates tested on 5–10 real cases across different departments and conditions.
Pilot success metrics defined: average approval time, share of returns for revision, number of data errors.

Pilot plan and support

Decide in advance how you will accept requests and roll out updates. Assign support channels, owners and a rule: what counts as a bug and what is a request for “one more button.”

If the pilot is in a government body, bank or healthcare organization, involve security from the start. In such projects access, action logs and document storage must be designed before the first demo.

Next steps: infrastructure, support and launch

Before launch define infrastructure requirements: number of active users at peak times (Monday morning, month-end), storage needs (scans, templates, versions), availability expectations so the system doesn’t fail during mass leave requests or timekeeping closings.

Decide where the system will run: data center or customer site. On-premises often favors control and security; data center hosting makes scaling and redundancy simpler. In either case plan backups, disaster recovery and environment separation (test/prod) so updates don’t break processes.

Support must be a clear regimen, not ad-hoc. Minimum items:

roles: who receives tickets, who fixes issues, who approves changes;
update windows and rollback rules;
access to logs and audit trails;
SLA for incident response times;
a channel for employee feedback.

Start launch with a pilot in one department or one scenario (e.g., leave and certificates). Collect feedback from HR, managers and regular employees: what’s unclear in forms, where approvals stall, which notifications are missing.

If infrastructure updates are needed in parallel (servers, workstations, hosting), handle them in a separate track. For example, GSE.kz as a technology vendor and system integrator in Kazakhstan supplies workstations and servers and provides system integration and 24/7 technical support — this can help avoid launch delays due to hardware and operations.