Large-Scale HRM System with 17 Modules: How We Automated Personnel Management

Imagine this: you have a large organization with thousands of employees. Every day, someone arrives, someone goes on a business trip, someone is on sick leave, someone transfers from one subdivision to another. And you track all of this in Excel. Or rather, not just you – dozens of subdivisions, each in their own file, with their own formatting, their own mistakes, and their own version of the truth.

This was exactly the situation when a client approached our team – a state defense organization where personnel tracking was done mostly manually, in scattered spreadsheets and documents. The objective was clear: build a unified system to replace chaos with order. No compromises on security, no limitations on scalability, and with real-time collaboration capabilities.

The result is an HRM system called "Varta": 93,000 lines of code, 60+ database models, 200+ API endpoints, 100+ React components. And most importantly – it actually works. Every day. For thousands of concurrent users.

In this case study, we will explain how we built the system from scratch, what technical challenges we encountered, and why off-the-shelf solutions like SAP or Bitrix were never even considered.

The Challenge: Why Excel Does Not Work at Large Scale

When your organization has 10-50 people, Excel is fine. Maybe even convenient. But when you have thousands of people spread across dozens of subdivisions, Excel becomes the enemy. Here are the specific problems the client was living with:

No single source of truth. Each subdivision maintained its own records. Data was duplicated, conflicting, and getting lost. To compile a consolidated report across the entire organization, you had to call 25 people, collect 25 files, and manually merge them into one. This took days.

The attendance timetable was a nightmare. Thousands of people times 365 days equals millions of records per year. In Excel, this is physically impossible to process. Every mistake in marking leads to incorrect calculations, inaccurate reports, and ultimately – financial losses.

Document management was entirely manual. Orders, reports, certificates – everything was written by hand or copied from previous documents, with the risk of leaving someone else's data in place. A single operator would spend hours on what a system can do in seconds.

No control or transparency. Who made a change? When? What data existed before the change? Nobody knew. There was no audit trail. When errors occurred, finding their source was practically impossible.

Security was superficial. Files were shared through messengers, stored on local computers, and accessible to anyone who received "the file." For a defense organization, this is critically unacceptable.

This is exactly the case where custom development is not a luxury but a necessity. No off-the-shelf solution covers this set of requirements.

What We Built: An Overview of the "Varta" System

Technology stack: Django REST Framework on the backend, React 18 + TypeScript on the frontend, PostgreSQL as the primary database, Redis for caching and queues, WebSocket for real-time communication. The system replaced an old Django monolith and became a full-fledged platform with modular architecture. We wrote a separate article about why we chose Django for projects like this.

Here are the key modules worth examining in detail:

1. Organizational Structure (ORB Tree)

Instead of hardcoded hierarchy levels (brigade – battalion – company – platoon), we built a flexible tree with unlimited nesting depth. An administrator can add new types of subdivisions, move branches, and change the hierarchy – without any developer involvement. Each tree node is a subdivision with its own set of positions, staffing slots, and assigned personnel.

This is critically important for a defense organization, where the organizational hierarchy changes far more frequently than in civilian organizations. We use the same approach when building CRM systems and ERP solutions – flexible structures that adapt to the client.

2. Attendance Timetable (Thousands x 365 = Millions of Records Per Year)

This is the heart of the system. The timetable shows where each person is on any given day: on site, on a business trip, on sick leave, on vacation, on a combat assignment. Thousands of rows by 365 columns – this is a dataset that needs to not only be stored but rendered quickly, edited, and used as the basis for reports.

We implemented monthly partitioning in PostgreSQL: the timetable table is divided into separate partitions by month, ensuring fast queries even with millions of records. The frontend renders the timetable with virtualization – displaying only the visible rows.

Moreover, the timetable is filled automatically. An administrator configures mapping rules: when a person receives the status "Business Trip," the corresponding mark appears in the timetable. This eliminates manual entry and errors.

3. Custom Field and Status Constructor

One of the most interesting architectural decisions. Instead of hardcoding all possible fields for a personnel card (and there could be dozens: from blood type to ID tag number), we created a constructor. An administrator adds new fields through the interface: text, number, date, dropdown, multi-select – any type.

The status constructor works the same way. Need a new status called "Advanced Training Courses"? The administrator creates it, configures the color, icon, timetable mapping – and it is immediately available in the system. No need to wait for a new release from the developer.

For complex scenarios, there is a Condition Builder: cascading status changes where one status automatically affects other fields or statuses. For example, the status "Hospitalization" automatically changes the timetable mark and sends a notification to the subdivision commander.

4. Document Generation from Templates

The system generates documents in DOCX format from pre-configured templates. A report, an order, a certificate – the operator clicks a button, and the document is automatically populated with data from the database. Daily reports, Excel registries, payment calculations – everything is generated in seconds.

Previously, a single operator spent 2-3 hours on a daily report through manual work. Now it takes seconds. Multiply that by 25 subdivisions, and you understand the scale of automation that actually saves money.

5. Combat Journal (Drag-and-Drop Report Builder)

A unique module that does not exist in any commercial HRM system. The combat journal is a report builder with a drag-and-drop interface where a commander constructs a report by dragging blocks: text fields, data tables from the database, signatures, timestamps. Each report is saved with a complete audit trail.

6. WhatsApp Integration and Google Sheets

The system integrates with WhatsApp for automated messaging: status change notifications, reminders, birthday greetings. We have extensive experience in building Telegram and chat bots, and applied the same approaches to WhatsApp integration. There is also Google Sheets synchronization for subdivisions accustomed to working with spreadsheets – data updates automatically in both directions.

7. Admin Panel with Monitoring

A dedicated panel for the system administrator: server monitoring, backup management, viewing active WebSocket connections (who is currently online), action logs, and access rights management. The RBAC system with 30+ permissions allows precise configuration of who sees what and who can do what.

Technical Challenges: Ensuring Scale and Security

Building a large-scale system for a major organization is not simply about "adding more form fields." It requires fundamentally different architectural standards. Here are the main challenges we faced:

Performance with Millions of Records

9 million timetable records per year is not the kind of volume you can just throw into a single table and run SELECT queries on. We implemented monthly partitioning in PostgreSQL, optimized indexes, and configured caching of frequent queries through Redis. The result: response time for a subdivision timetable of 500 people does not exceed 200 milliseconds.

On the frontend, we used list virtualization (React Virtualized), lazy loading, and optimistic UI updates so that users experience no delays even when working with large datasets.

Real-Time via WebSocket

When one operator changes a person's status, all other users must see it instantly. We implemented a full WebSocket architecture: changes are broadcast to all subscribed clients in real time. This is not polling every 5 seconds – this is true real-time communication.

The admin panel shows how many users are currently online, which subdivisions they are working in, and what actions they are performing. This is critical for understanding system load and responding quickly to operational needs.

Three Levels of Data Isolation

For a defense organization, security is not "nice to have" – it is an absolute requirement. We implemented three levels of protection:

• ORM Level (Django): every queryset is automatically filtered by the user's subdivision. It is impossible to accidentally query another subdivision's data.
• Middleware Level: additional permission checks on every request, independent of ORM. Even if a developer makes a mistake in the code, the middleware will not allow unauthorized access.
• PostgreSQL RLS (Row Level Security): the database itself filters rows at the SQL level. Even if an attacker gains direct access to the database through an SQL client, they will only see their own subdivision's data.

Three independent levels is overkill for most projects. But for a defense organization, this is the minimum.

Complete Audit Trail

No record in the system is ever physically deleted. Every change is logged: who, when, what was changed, and what the data looked like before and after. This is not just a security requirement – it is a legal necessity. Any action can be reconstructed and verified even years later.

Key Results: What Changed for the Client

After implementing "Varta," the organization gained capabilities that simply did not exist before:

A single database instead of dozens of scattered files. A consolidated report across the entire organization is generated in seconds, not days. Data is not duplicated and does not conflict.

The timetable is maintained automatically. Operators no longer fill in thousands of rows manually. Statuses are mapped to timetable marks according to rules configured by the administrator. Errors decreased by an order of magnitude.

Documents are generated instantly. The daily report that previously took 2-3 hours is now generated in seconds. One button click – and you have a ready DOCX file.

Transparency and control. Complete audit trail, RBAC with 30+ permissions, three levels of data isolation. Management knows exactly who did what and when within the system.

Flexibility without a developer. New fields, new statuses, new mapping rules – all of this is configured by the administrator through constructors. The system adapts to organizational structure changes without our team's involvement.

Real-time collaboration. Changes are visible instantly to all users. No delays, no desynchronization, no "I have not saved the file yet."

You can view the project page with technical details in our portfolio – the "Varta" case study.

Conclusion: When You Need a Custom HRM System

The HRM market is large: BambooHR, Workday, SAP SuccessFactors, and various local solutions. But there are situations where off-the-shelf products simply do not fit:

• Scale exceeding 5,000 people with complex hierarchy, where standard systems choke
• Specific security requirements, such as in the defense sector, where data isolation at the database level is mandatory
• Unique business processes that cannot fit within the framework of a ready-made solution without painful compromises
• Integration requirements with internal systems, messengers, and specific document formats
• Need for flexibility, when the organization's structure changes frequently and unpredictably

If you recognized your situation in at least two of these points, you most likely need custom development. It is a larger investment upfront than a SaaS subscription, but in the long run, it is a system that works exactly the way your organization needs.

At Artbrain, we specialize in developing complex business systems: HRM, CRM, ERP, and other automation solutions. If you have a challenge that cannot be solved with a boxed product, contact us. We will provide a free consultation, analyze your situation, and honestly tell you whether you need custom development or whether an off-the-shelf solution will suffice.

Learn more about our development services and completed projects.