Imagine this: you have a large organization with a complex structure. Every day, someone arrives, someone goes on a business trip, someone is on sick leave, someone transfers from one subdivision to another. And you track all of this in Excel. Or rather, not just you – different subdivisions, each in their own file, with their own formatting, their own mistakes, and their own version of the truth.

This was exactly the situation when a client approached our team – a state defense organization where personnel tracking was done mostly manually, in scattered spreadsheets and documents. The objective was clear: build a unified system to replace chaos with order. No compromises on security, no limitations on scalability, and with real-time collaboration capabilities.

The result is an HRM system: 93,000 lines of code, 17 functional modules, 80+ API ViewSets, 11 Django apps. And most importantly – it works every day.

In this case study, we will explain how we built the system from scratch, what technical challenges we encountered, and why ready-made solutions did not fit.

The Challenge: Why Excel Does Not Work at Large Scale

When an organization is small, Excel is fine. Maybe even convenient. But with a complex structure and many subdivisions, Excel becomes the enemy. Here are the specific problems the client was living with:

No single source of truth. Each subdivision maintained its own records. Data was duplicated, conflicting, and getting lost. To compile a consolidated report across the entire organization, files had to be collected manually and merged into one document.

The attendance timetable was a nightmare. When attendance is tracked manually for a large structure, the number of records quickly becomes unmanageable. Every mistake in marking leads to incorrect calculations, inaccurate reports, and additional manual review.

Document management was entirely manual. Orders, reports, certificates – everything was written by hand or copied from previous documents, with the risk of leaving someone else's data in place. The system automates this routine and reduces manual errors.

No control or transparency. Who made a change? When? What data existed before the change? Nobody knew. There was no audit trail. When errors occurred, finding their source was practically impossible.

Security was superficial. Files were shared through messengers, stored on local computers, and accessible to anyone who received "the file." For a defense organization, this is critically unacceptable.

This is exactly the case where custom development is not a luxury but a necessity. No off-the-shelf solution covers this set of requirements.

What We Built: An Overview of the HRM System

Technology stack: Django REST Framework on the backend, React 18 + TypeScript on the frontend, PostgreSQL as the primary database, Redis for caching and queues, WebSocket for real-time communication. The system replaced an old Django monolith and became a full-fledged platform with modular architecture. We wrote a separate article about why we chose Django for projects like this.

Here are the key modules worth examining in detail:

1. Organizational Structure (ORB Tree)

Instead of hardcoded hierarchy levels (brigade – battalion – company – platoon), we built a flexible tree with unlimited nesting depth. An administrator can add new types of subdivisions, move branches, and change the hierarchy – without any developer involvement. Each tree node is a subdivision with its own set of positions, staffing slots, and assigned personnel.

This is critically important for a defense organization, where the organizational hierarchy changes far more frequently than in civilian organizations. We use the same approach when building CRM systems and ERP solutions – flexible structures that adapt to the client.

2. Attendance Timetable for a Large Structure

This is the heart of the system. The timetable shows where each person is on any given day: on site, on a business trip, on sick leave, on vacation, on a combat assignment. This dataset needs to not only be stored but rendered quickly, edited, and used as the basis for reports.

We implemented monthly partitioning in PostgreSQL: the timetable table is divided into separate partitions by month. The frontend renders the timetable with virtualization – displaying only the visible rows.

Moreover, the timetable is filled automatically. An administrator configures mapping rules: when a person receives the status "Business Trip," the corresponding mark appears in the timetable. This eliminates manual entry and errors.

3. Custom Field and Status Constructor

One of the most interesting architectural decisions. Instead of hardcoding all possible fields for a personnel card (and there could be dozens: from blood type to ID tag number), we created a constructor. An administrator adds new fields through the interface: text, number, date, dropdown, multi-select – any type.

The status constructor works the same way. Need a new status called "Advanced Training Courses"? The administrator creates it, configures the color, icon, timetable mapping – and it is immediately available in the system. No need to wait for a new release from the developer.

For complex scenarios, there is a Condition Builder: cascading status changes where one status automatically affects other fields or statuses. For example, the status "Hospitalization" automatically changes the timetable mark and sends a notification to the subdivision commander.

4. Document Generation from Templates

The system generates documents in DOCX format from pre-configured templates. A report, an order, a certificate – the operator clicks a button, and the document is automatically populated with data from the database. Daily reports, Excel registries, payment calculations – everything is generated in seconds.

Instead of manually compiling reports, the operator clicks a button and the system generates a document from current data. This is an example of automation that removes routine work from daily operations.

5. Combat Journal (Drag-and-Drop Report Builder)

A unique module that does not exist in any commercial HRM system. The combat journal is a report builder with a drag-and-drop interface where a commander constructs a report by dragging blocks: text fields, data tables from the database, signatures, timestamps. Each report is saved with a complete audit trail.

6. WhatsApp Integration and Google Sheets

The system integrates with WhatsApp for automated messaging: status change notifications, reminders, birthday greetings. We have extensive experience in building Telegram and chat bots, and applied the same approaches to WhatsApp integration. There is also Google Sheets synchronization for subdivisions accustomed to working with spreadsheets – data updates automatically in both directions.

7. Admin Panel with Monitoring

A dedicated panel for the system administrator: server monitoring, backup management, viewing active WebSocket connections (who is currently online), action logs, and access rights management. The RBAC system with 30+ permissions allows precise configuration of who sees what and who can do what.

Technical Challenges: Ensuring Scale and Security

Building a large-scale system for a major organization is not simply about "adding more form fields." It requires fundamentally different architectural standards. Here are the main challenges we faced:

Performance with Large Data Sets

Large timetable tables cannot simply be placed into one table and queried without optimization. We implemented monthly partitioning in PostgreSQL, optimized indexes, and configured caching of frequent queries through Redis.

On the frontend, we used list virtualization (React Virtualized), lazy loading, and optimistic UI updates so that users experience no delays even when working with large datasets.

Real-Time via WebSocket

When one operator changes a person's status, all other users must see it instantly. We implemented a full WebSocket architecture: changes are broadcast to all subscribed clients in real time. This is not polling every 5 seconds – this is true real-time communication.

The admin panel shows how many users are currently online, which subdivisions they are working in, and what actions they are performing. This is critical for understanding system load and responding quickly to operational needs.

Three Levels of Data Isolation

For a defense organization, security is not "nice to have" – it is an absolute requirement. We implemented three levels of protection:

  • ORM Level (Django): every queryset is automatically filtered by the user's subdivision. It is impossible to accidentally query another subdivision's data.
  • Middleware Level: additional permission checks on every request, independent of ORM. Even if a developer makes a mistake in the code, the middleware will not allow unauthorized access.
  • PostgreSQL RLS (Row Level Security): the database itself filters rows at the SQL level. Even if an attacker gains direct access to the database through an SQL client, they will only see their own subdivision's data.

Three independent levels is overkill for most projects. But for a defense organization, this is the minimum.

Complete Audit Trail

No record in the system is ever physically deleted. Every change is logged: who, when, what was changed, and what the data looked like before and after. This is not just a security requirement – it is a legal necessity. Any action can be reconstructed and verified even years later.

Key Results: What Changed for the Client

After implementing the system, the organization gained capabilities that simply did not exist before:

A single database instead of scattered files. A consolidated report across the entire organization is generated from current data. Data is not duplicated and does not conflict.

The timetable is maintained automatically. Operators no longer fill in rows manually. Statuses are mapped to timetable marks according to rules configured by the administrator.

Documents are generated automatically. The daily report is generated from system data. One button click – and you have a ready DOCX file.

Transparency and control. Complete audit trail, RBAC with 30+ permissions, three levels of data isolation. Management knows exactly who did what and when within the system.

Flexibility without a developer. New fields, new statuses, new mapping rules – all of this is configured by the administrator through constructors. The system adapts to organizational structure changes without our team's involvement.

Real-time collaboration. Changes are visible instantly to all users. No delays, no desynchronization, no "I have not saved the file yet."

You can view the project page with technical details in our portfolio – the HRM case study.

Conclusion: When You Need a Custom HRM System

The HRM market is large: cloud platforms, boxed products, and local solutions. But there are situations where off-the-shelf products simply do not fit:

  • Complex organizational structure with hierarchy that standard systems do not cover well
  • Specific security requirements, such as in the defense sector, where data isolation at the database level is mandatory
  • Unique business processes that cannot fit within the framework of a ready-made solution without painful compromises
  • Integration requirements with internal systems, messengers, and specific document formats
  • Need for flexibility, when the organization's structure changes frequently and unpredictably

If you recognized your situation in at least two of these points, you most likely need custom development. It is a larger investment upfront than a SaaS subscription, but in the long run, it is a system that works exactly the way your organization needs.

At Artbrain, we specialize in developing complex business systems: order turnkey HRM, CRM, ERP, and other automation solutions. If you have a challenge that cannot be solved with a boxed product – submit your request for a free consultation. We will analyze your situation and honestly tell you whether you need custom development or whether an off-the-shelf solution will suffice.

Order turnkey business system development – HRM from $3,500, CRM from $3,000, ERP from $8,000. Free consultation, transparent pricing.

Learn more about our turnkey development services and completed projects.

FAQ

How much does HRM system development cost?

Basic HRM with employee records, leave management, and payroll – from $3,500. Large-scale enterprise system with 17 modules like our case (93K LOC, 60+ data models) – from $10,000-15,000. Price depends on the number of modules, integrations, and load requirements.

Can an HRM system handle a large number of users?

Yes, with proper architecture. Our enterprise HRM system has 93K lines of code, 60+ data models, 200+ API endpoints, and real-time updates via WebSocket. The key – Django + PostgreSQL provide scalability, and React delivers a fast interface.

What modules are needed for an HRM system?

Basic: personnel records, organizational structure, leave management, payroll. Extended: KPI metrics, recruiting, training, timesheets, document management, staffing tables. Modules are added gradually without rewriting existing code.

Share: Facebook Twitter / X Telegram LinkedIn
Anton Kunashenko, CEO & Lead Developer
CEO & Lead Developer at Artbrain

Anton Kunashenko

Founder of Artbrain since 2018. Builds digital products for business — from landing pages to enterprise systems. Active servicemember of the AFU.