Proposal & Quotation — Confidential
Modern HRMS for the Modern Workforce

Pre-Requisites, Infrastructure &
Professional Services Proposal

Hardware sizing, Bill of Materials, Training packages, Maintenance, and Licensing — for a 1,000-employee deployment.

Document Ref
HRS-PRE-2026-001
Prepared
20 April 2026
Valid Until
20 July 2026
Target Scale
Up to 1,000 Employees
Prepared By
HRSanad Solutions
Currency
USD (excl. VAT)

Table of Contents

  1. Executive Summary
  2. Sizing Assumptions (1,000 Employees)
  3. Cloud Infrastructure Requirements
  4. On-Premises Infrastructure Requirements
  5. Cloud vs On-Premises Comparison
  6. Bill of Materials — Cloud Deployment
  7. Bill of Materials — On-Premises Deployment
  8. Software & Licences
  9. HRSanad Application Licences
  10. Training Packages
  11. Maintenance & Support Services
  12. Backup & Recovery Procedures
  13. Patch Management
  14. Grand Total & Payment Terms
  15. Legal Notice & Terms
1

Executive Summary

Scope and purpose of this document

What This Document Covers

This document provides a complete technical and commercial specification for deploying HRSanad HRMS to serve up to 1,000 employees. It covers infrastructure pre-requisites for both cloud and on-premises deployment options, a full Bill of Materials with indicative pricing, professional services including training and documentation, and maintenance procedures.
🏢

Application Scope

ModulesAll 9 core modules
Users (HR/Payroll)Up to 50 admin users
Employees (ESS)Up to 1,000
TenantsSingle tenant
Payroll frequencyMonthly + mid-month
DocumentsUp to 50,000 files
📅

Deployment Timeline

Infrastructure setup2 weeks
Application install1 week
Data migration2–4 weeks
UAT2 weeks
Training1–2 weeks
Go-live support4 weeks

Performance SLA Targets

Page load (P95)< 2 seconds
API response (P95)< 500 ms
Payroll calc (1,000)< 3 minutes
Report generation< 30 seconds
Uptime SLA99.9% (cloud)
Backup RPO1 hour
🔒

Compliance Requirements

Data residencyIn-country
Encryption at restAES-256
Encryption in transitTLS 1.3
Backup encryptionAES-256
Access loggingFull audit trail
Password policyMFA supported
2

Sizing Assumptions — 1,000 Employee Deployment

Workload model used for hardware calculations
ParameterValueNotesImpact
Total employees1,000ESS users + payroll subjectsDatabase row volume
Concurrent ESS users (peak)150~15% of workforce at lunch/start of dayWeb server sizing
HR Admin / Payroll users (concurrent)20Heavy data entry and report generationAPI + DB connections
Payroll run volume1,000 slips/monthMonthly + possible mid-monthCPU burst sizing
Leave requests/day (peak)50Start of month / before holidaysWrite IOPS
Attendance records/day2,000 swipesClock in + clock out × 1,000Write throughput
Document uploads/month500 filesAvg 2–3 MB per fileBlob storage growth
Report generation/day30Mix of PDF payslips and Excel exportsCPU burst + memory
Database size (year 1)~25 GBAll tables, indexes, audit logsStorage provisioning
Database size (year 3)~70 GBGrowth rate ~25 GB/year with documentsStorage planning
Blob storage (documents, year 3)~200 GBEmployee docs, payslips, reportsObject storage
Network throughput (peak)~50 MbpsFile uploads, concurrent usersBandwidth sizing
Redis cache~2 GB working setSession tokens, BullMQ jobs, query cacheCache RAM sizing
Background jobs~10 cron jobsPayroll, leave accrual, doc expiry, alertsWorker process sizing

Headroom Policy

All hardware is sized at 50% of maximum expected load to allow for growth to 1,500 employees, batch job spikes, and year-end reporting peaks without degradation. CPU is sized for 2× payroll burst. Storage is provisioned with 3-year runway.
3

Cloud Infrastructure Requirements

Azure / AWS / GCP — recommended specifications per service

Recommended Cloud Provider

Microsoft Azure is the recommended provider for this deployment (Azure UAE North for GCC customers; Azure Ireland West Europe for Ireland deployments) due to in-country data residency options, native Kubernetes (AKS), managed PostgreSQL (Azure Database for PostgreSQL Flexible Server), and Blob Storage with CDN. AWS and GCP equivalents are noted where applicable.

Application Tier

🌐

Web App (Next.js)

Azure SKUStandard_D2s_v5
vCPU2 cores
RAM8 GB
OS Disk64 GB SSD P10
Instances2 (active/active)
OSUbuntu 22.04 LTS
AWS equiv.t3.large × 2
⚙️

API Server (Fastify)

Azure SKUStandard_D4s_v5
vCPU4 cores
RAM16 GB
OS Disk64 GB SSD P10
Instances2 (active/active)
OSUbuntu 22.04 LTS
AWS equiv.t3.xlarge × 2
🔄

Background Worker

Azure SKUStandard_D2s_v5
vCPU2 cores
RAM8 GB
OS Disk32 GB SSD
Instances1 (with auto-scale)
OSUbuntu 22.04 LTS
PurposeBullMQ, cron jobs
⚖️

Load Balancer

Azure serviceApplication Gateway v2
SKUStandard_v2
SSL terminationYes (TLS 1.3)
WAFEnabled (OWASP 3.2)
Health probesEvery 30s
AWS equiv.ALB + WAF

Data Tier

🗄️

PostgreSQL (Primary)

Azure serviceFlexible Server
SKUStandard_D4ds_v4
vCPU4 cores
RAM16 GB
Storage512 GB Premium SSD
IOPS2,300 provisioned
VersionPostgreSQL 16
HAZone-redundant standby
📖

PostgreSQL (Read Replica)

Azure serviceFlexible Server Read Replica
SKUStandard_D2ds_v4
vCPU2 cores
RAM8 GB
Storage512 GB (synced)
PurposeReports, analytics
Replication lag< 30 seconds

Redis Cache (Azure Cache)

Azure serviceAzure Cache for Redis
SKUStandard C2
Memory6 GB
PersistenceRDB every 60 min
TLSEnforced
PurposeBullMQ + sessions + cache
📁

Blob Storage (Documents)

Azure serviceAzure Blob Storage
TierStandard LRS
Initial capacity500 GB (scalable)
CDNAzure CDN (static assets)
VersioningEnabled
Soft delete30-day retention

Network & Security

🌐

Virtual Network

VNet CIDR10.0.0.0/16
App subnet10.0.1.0/24
Data subnet10.0.2.0/24
NSGPer-subnet rules
DDoSBasic (Standard optional)
Private endpointsDB + Redis + Blob
🔐

Key Vault & Secrets

ServiceAzure Key Vault
SecretsDB creds, JWT secret, SMTP
Rotation90-day auto-rotation
AuditAll access logged
Soft delete90-day recovery
📊

Monitoring

MetricsAzure Monitor + Prometheus
DashboardsGrafana (AKS-hosted)
Log retention90 days hot + 1 year archive
AlertingPagerDuty / email
APMApplication Insights
📧

Email (SMTP)

ServiceAzure Communication Services
VolumeUp to 10,000 emails/day
DomainsCustom domain + DKIM
FallbackSendGrid (secondary)
PurposePayslips, alerts, OTP
4

On-Premises Infrastructure Requirements

Physical server specifications for self-hosted deployment

On-Premises Deployment Note

On-premises deployment is suited for organisations with strict data sovereignty requirements, existing datacenter infrastructure, or limited internet bandwidth. The specifications below assume a VMware ESXi or Proxmox hypervisor layer hosting virtualised workloads. All VMs run on 2 physical host servers for HA.

Physical Host Servers (2 Required for HA)

ComponentSpecificationQtyPurpose
Application + Hypervisor Host (Server 1 & 2)
CPUIntel Xeon Silver 4314 or AMD EPYC 7313 — 16 cores / 32 threads, 2.4 GHz base2 sockets × 2 serversvCPU pool for all VMs
RAM256 GB DDR4 ECC RDIMM (16 × 16 GB DIMMs) — expandable to 512 GBPer serverVM memory pool
OS / Boot Drive2 × 480 GB SSD RAID-1 (hypervisor OS)Per serverESXi / Proxmox boot
VM Storage (local NVMe)4 × 1.92 TB NVMe SSD in RAID-10 = ~3.8 TB usablePer serverVM disks (fast tier)
Network2 × 10GbE SFP+ NIC (bonded active/passive) + 1 × 1GbE IPMIPer serverVM network + IPMI OOB
Power SupplyRedundant PSU 800W 80+ Platinum2 PSU per serverPower redundancy
Form factor1U or 2U rackmount2 serversRack space: 4U total
Dedicated Database Server (Server 3)
CPUIntel Xeon Gold 5318Y — 24 cores / 48 threads, 2.1 GHz base2 socketsPostgreSQL query throughput
RAM128 GB DDR4 ECC (PostgreSQL shared_buffers = 32 GB)Per serverDB buffer pool
Data Storage8 × 1.92 TB NVMe SSD in RAID-10 = ~7.6 TB usable1PostgreSQL data + WAL
Backup Storage4 × 4 TB SATA SSD in RAID-5 = ~10 TB usable1pg_basebackup + WAL archive
Network2 × 10GbE SFP+ (bonded) + IPMI1DB replication + app traffic
NAS / Backup Appliance (Server 4)
CPUIntel Xeon E-2356G — 6 cores1Low-power storage node
RAM32 GB ECC1ZFS ARC cache
Storage8 × 8 TB enterprise SAS HDD in RAIDZ2 = ~40 TB usable1Backups + blob storage
ProtocolNFS v4.1 / SMB3 / S3-compatible (MinIO)Blob storage (Azure Blob replacement)

Network Equipment

EquipmentSpecificationQtyPurpose
Core switchCisco Catalyst 9200L-24P-4X-E (10GbE uplinks, 24-port PoE+)2 (stacked)Server interconnect
Firewall / UTMFortinet FortiGate 200F or pfSense XG-7100 (10 Gbps throughput, IDS/IPS)1 (active/passive HA pair)Perimeter security, VPN
Internet connectionMinimum 200 Mbps dedicated leased line (1 Gbps recommended); secondary 100 Mbps failover2 ISPsUser access + email delivery
UPSAPC Smart-UPS 3000VA rack-mount — 15 min runtime at full load2Server room power backup
PDUAPC Rack PDU 2G, switched, 32A2 (per rack)Remote power management
KVM over IPRaritan Dominion KX III or IPMI 2.0 on each serverPer serverOut-of-band management

VM Layout on On-Premises Hosts

VM NameOSvCPURAMDiskHost
hrsanad-web-01Ubuntu 22.04 LTS48 GB64 GB SSDHost 1
hrsanad-web-02Ubuntu 22.04 LTS48 GB64 GB SSDHost 2
hrsanad-api-01Ubuntu 22.04 LTS816 GB64 GB SSDHost 1
hrsanad-api-02Ubuntu 22.04 LTS816 GB64 GB SSDHost 2
hrsanad-worker-01Ubuntu 22.04 LTS48 GB32 GB SSDHost 1
hrsanad-pg-primaryUbuntu 22.04 LTS1664 GB2 TB NVMeDB Server
hrsanad-pg-replicaUbuntu 22.04 LTS832 GB2 TB NVMeDB Server
hrsanad-redisUbuntu 22.04 LTS412 GB32 GB SSDHost 2
hrsanad-lb (nginx)Ubuntu 22.04 LTS24 GB16 GB SSDHost 1 + 2 (VRRP)
hrsanad-monitoringUbuntu 22.04 LTS48 GB200 GB SSDHost 1
Total vCPU62 vCPU176 GB~4.5 TB

Minimum OS Requirements (All Servers)

Operating System: Ubuntu Server 22.04 LTS (Jammy) — preferred for all VMs. Alternatives: RHEL 9 / Rocky Linux 9 (enterprise support). Windows Server 2022 Standard is supported for AD integration only — do not run application workloads on Windows. All servers must have SELinux or AppArmor enabled.
5

Cloud vs On-Premises — Decision Matrix

Side-by-side comparison to inform deployment decision
☁ Cloud (Azure) RECOMMENDED
Capital expenditure$0 (OPEX model)
Monthly cost (est.)$2,800–$3,500/month
3-year TCO~$126,000
Setup time1–2 weeks
Uptime SLA99.95% (Azure SLA)
Disaster recoveryBuilt-in geo-redundancy
ScalingElastic — minutes
MaintenanceManaged (Azure handles OS/HW)
Security patchingAzure auto-patching available
Data residencyIn-country Azure region
IT skills neededAzure Admin (AZ-104)
Best forSMB, fast deployment, no DC
🏢 On-Premises
Capital expenditure$85,000–$110,000 (one-time)
Monthly cost (est.)$800–$1,200/month (power, support)
3-year TCO~$125,000–$155,000
Setup time4–8 weeks
Uptime SLADepends on your infrastructure
Disaster recoveryManual — requires DR site
ScalingManual — hardware procurement
MaintenanceFull responsibility on customer
Security patchingManual — scheduled windows
Data residencyFull control — on your premises
IT skills neededLinux sysadmin + DBA + network
Best forRegulated industries, full control
6

Bill of Materials — Cloud Deployment (Azure)

Monthly recurring costs — pricing based on Azure Pay-As-You-Go rates, UAE North region
#ItemSpecificationQtyUnit/Month (USD)Monthly Total
Compute$1,068
C-01Web App VM (Standard_D2s_v5)2 vCPU, 8 GB RAM, Ubuntu 22.042$134$268
C-02API Server VM (Standard_D4s_v5)4 vCPU, 16 GB RAM, Ubuntu 22.042$270$540
C-03Worker VM (Standard_D2s_v5)2 vCPU, 8 GB RAM, Ubuntu 22.041$134$134
C-04OS Disks (P10 SSD 64 GB)Premium SSD P105$25.20$126
* 1-year Reserved Instance pricing saves ~37% — see note at end of section
Database$756
D-01PostgreSQL Flexible Server PrimaryStandard_D4ds_v4, 16 GB RAM, 512 GB P30 SSD, Zone-HA1$498$498
D-02PostgreSQL Read ReplicaStandard_D2ds_v4, 8 GB RAM, 512 GB SSD1$228$228
D-03Azure Cache for Redis Standard C26 GB, TLS, RDB persistence1$30$30
Storage & CDN$95
S-01Azure Blob Storage (LRS)500 GB initial, hot tier1$10$10
S-02Azure CDN (static assets)100 GB/month egress1$8$8
S-03Azure Backup (VM + DB)Vault Standard, 200 GB backup storage1$42$42
S-04Log Analytics Workspace5 GB/day ingestion, 90-day retention1$35$35
Networking & Security$362
N-01Application Gateway v2 (WAF enabled)Standard_v2, OWASP ruleset, SSL termination1$180$180
N-02Azure Virtual NetworkVNet + 3 subnets + NSGs + private endpoints1$12$12
N-03Public IP Addresses (static)Standard SKU static IP2$8$16
N-04Azure Key VaultStandard tier, 10,000 operations/month1$4$4
N-05Azure Communication Services (email)10,000 emails/month1$1$1
N-06Azure Monitor + Application Insights5 GB logs/day1$80$80
N-07Outbound data transfer~100 GB/month egress1$9$9
N-08Azure DNSHosted zone + queries1$2$2
N-09DDoS Protection (optional)Network-level DDoS Standard1$58$58
Monthly Infrastructure Total (Azure)$2,281
💡 With 1-year Azure Reserved Instances (compute + DB): estimated monthly saving of ~$620 → effective monthly cost $1,661
Annual Infrastructure Cost (Pay-As-You-Go)$27,372/year
Annual Infrastructure Cost (1-Year Reserved)$19,932/year
7

Bill of Materials — On-Premises Deployment

One-time capital expenditure — indicative pricing (USD, ex-VAT)
#ItemSpecificationQtyUnit PriceTotal
Servers$52,000
SV-01Application Host Server × 2Dell PowerEdge R750 / HPE ProLiant DL380 Gen10+: Dual Xeon Silver 4314 (16C), 256 GB DDR4 ECC, 4×1.92TB NVMe RAID-10, Dual 10GbE, Redundant PSU 800W2$14,500$29,000
SV-02Database Server × 1Dell PowerEdge R750xs / HPE DL380 Gen10+: Dual Xeon Gold 5318Y (24C), 128 GB DDR4 ECC, 8×1.92TB NVMe RAID-10 + 4×4TB SAS RAID-5, Dual 10GbE, Redundant PSU1$18,000$18,000
SV-03NAS / Backup ApplianceTrueNAS / Synology RS3621RPxs: Xeon E-2356G, 32 GB ECC, 8×8TB SAS HDD, Dual 10GbE SFP+, redundant PSU — MinIO S3-compatible blob storage1$5,000$5,000
Networking$14,800
NW-01Core Switch (stacked)Cisco Catalyst 9200L-24P-4X-E, 24-port PoE+, 4×10G uplinks — 2 units stacked2$3,200$6,400
NW-02Firewall HA PairFortinet FortiGate 200F (10 Gbps NGFW, IDS/IPS, SSL inspection, VPN) — active/passive pair2$3,800$7,600
NW-03SFP+ DAC Cables10GbE Direct Attach Copper, 1m and 3m lengths10$30$300
NW-04Cat6a Patch Cables1m, 2m, 3m assorted50$10$500
Power & Cooling$7,200
PW-01UPS (Rack Mount)APC Smart-UPS 3000VA RM 2U — 15 min at 2,400W load, network card included2$1,800$3,600
PW-02Rack PDU (Switched)APC AP8653 Rack PDU 2G, Switched, 32A/208V, 20× C13 + 4× C192$800$1,600
PW-03Server RackAPC NetShelter SX 42U 600mm wide, with blanking panels and cable management2$1,000$2,000
Virtualisation & Management$6,400
VM-01VMware vSphere Essentials Plus KitvSphere 8 for 3 hosts + vCenter, 1-year SnS1$4,200$4,200
VM-02KVM over IP SwitchRaritan Dominion KX III-116 — 16-port KVM1$1,200$1,200
VM-03Network monitoring probePRTG Network Monitor (500 sensors perpetual)1$1,000$1,000
Installation & Cabling$4,500
IN-01Rack installation & cable managementLabour: server racking, cable dressing, labelling1$1,500$1,500
IN-02Structured cablingPatch panel, wall ports, cable runs (up to 20 drops)1$2,000$2,000
IN-03Environmental monitoringTemperature/humidity sensor with SMS alert2$500$1,000
On-Premises Hardware Total (One-Time CAPEX)$84,900
Annual power cost estimate (UAE/Ireland): ~$4,800/year @ average 5 kW load × 24h × $0.11/kWh
Annual hardware maintenance (3-year HW warranty included; post-warranty support contract): ~$6,000–$9,000/year
8

Software & Third-Party Licences

Open-source (free), commercial (charged), and annual subscription items
#SoftwarePurposeLicence TypeAnnual Cost
Operating System$0
OS-01Ubuntu Server 22.04 LTSAll application VMs and database serversFree (Canonical) — LTS until Apr 2027; ESM extended to 2032$0
OS-02Ubuntu Pro (optional)Extended Security Maintenance (ESM), FIPS, Livepatch — for compliance-sensitive deploymentsUbuntu Pro — $25/server/year (on-prem)$200
Database$0
DB-01PostgreSQL 16Primary database engineFree open source (BSD licence) — community supported$0
DB-02pgBackRestPostgreSQL backup and restore (WAL archiving)Free open source (MIT)$0
DB-03pgBouncerConnection pooling for PostgreSQLFree open source$0
Application Runtime$0
RT-01Node.js 20 LTSAPI and frontend runtimeFree (MIT)$0
RT-02Docker Engine + Docker ComposeContainer runtime (non-Swarm)Free (Apache 2.0)$0
RT-03Redis 7 (self-hosted)Cache and BullMQ queue brokerFree (RSAL 2.0) — or Redis Cloud Essentials $7/month$0
RT-04Nginx (load balancer / on-prem)Reverse proxy and SSL terminationFree (BSD)$0
Monitoring & Observability$0–$480
MO-01Prometheus + GrafanaMetrics collection and dashboardsFree open source (Apache 2.0)$0
MO-02Grafana Cloud (optional)Managed Grafana with alerting — 14-day retention free tierFree tier / $9/user/month for Pro$0–$108
MO-03Uptime RobotExternal uptime monitoring, 5-min checks, SMS alerts$7/month (Pro plan)$84
MO-04Sentry (error tracking)Application exception monitoring, source map supportFree tier (5K errors/month) / $26/month Team$0–$312
Security$200–$600
SE-01Let's Encrypt SSL CertificatesTLS certificates for all domains (auto-renewed via Certbot)Free$0
SE-02CrowdSec (WAF / IDS)Crowd-sourced intrusion prevention, rate limiting, IP reputationFree (open source) — Cloud Console $0–$100/year$0–$100
SE-03Wazuh SIEMSecurity Information and Event Management, file integrity monitoringFree open source (GPLv2)$0
SE-04Snyk (dependency scanning)Scan npm dependencies for CVEs in CI/CD pipelineFree tier / $25/month Team$0–$300
SE-05Cloudflare (DNS + DDoS) — optionalDNS-level DDoS mitigation, CDN, Bot managementFree (Pro $20/month)$0–$240
CI/CD & DevOps$0
CD-01GitHub ActionsCI/CD pipelines (build, test, deploy)Free for public / $4/user/month (private repo)$0–$96
CD-02GitHub RepositorySource code hosting, PR reviews, issue trackingFree (Team $4/user/month)$0
CD-03Docker HubContainer image registryFree (Pro $7/month for private repos)$0–$84
Email Delivery$200–$600
EM-01SendGrid (email delivery)Transactional email (payslips, alerts, OTP) — 100 emails/day freeEssentials $19.95/month (100K emails/month)$240
Annual Third-Party Software Total (minimum)$524/year
Annual Third-Party Software Total (full optional stack)$2,004/year
9

HRSanad Application Licence & Subscription

HRSanad platform licencing tiers and pricing
#Licence ItemDescriptionUnitUnit PriceTotal (Annual)
HRSanad Platform Licence — 1,000 Employees
L-01HRSanad Core Platform (SaaS/Cloud)All 9 modules: Personnel, Leave, Payroll, TNA, Appraisal, Recruitment, Training, Reports, ESS. Includes updates, security patches, and bug fixes. Up to 1,000 employees.Per employee/year$36$36,000
L-02HRSanad Core Platform (On-Premises)Perpetual licence — same module scope. Annual Software Assurance (maintenance + updates) = 20% of licence fee. On-premises requires customer to manage infrastructure.One-time + 20% SA/year$60,000 + $12,000/yr$72,000 (yr 1)
L-03HRSanad WPS / Payroll Compliance Add-onWPS SIF file generation (UAE), PMOD (Ireland), GOSI export. Required for countries with statutory payroll reporting.Per tenant/year$1,200$1,200
L-04HRSanad Advanced Analytics & BI Add-onBuilt-in Metabase dashboards, custom report builder, workforce analytics, attrition predictions.Per tenant/year$2,400$2,400
L-05HRSanad Mobile App (Android + iOS)Employee mobile app for clock-in, leave requests, payslip view, approvals. GPS + photo capture. Per-tenant deployment.Per tenant/year$1,800$1,800
L-06Additional Employee Packs (if exceeding 1,000)Each 250-employee increment above base tier.Per 250 employees/year$6,000As needed
L-07Multi-Tenant / Group LicenceFor organisations with multiple legal entities (multiple companies within one HRSanad instance). Includes shared org master, consolidated reporting.Per additional company/year$4,800As needed
Professional Services (One-Time)
PS-01Implementation & ConfigurationSystem configuration, org structure setup, workflow configuration, pay component setup, holiday calendar, initial admin training.Fixed price$8,000
PS-02Data MigrationMigration from legacy HRMS or Excel. Includes employee master, leave balances, payroll history (last 12 months), documents.Fixed price$6,000
PS-03Integration DevelopmentERP / accounting system integration (SAP, Oracle, Xero, Sage, QuickBooks). Per integration point.Per integration$3,500$3,500
PS-04Go-Live Support (4 weeks)Dedicated support engineer available during first payroll run, go-live week, and 4-week hypercare period.Fixed price$4,500
SaaS Licence (Year 1) — Platform + Compliance Add-on + Implementation$55,700
SaaS Licence (Year 2 onwards) — Renewal$39,600/year
On-Premises Licence (Year 1) — Platform + SA + Implementation$90,500
10

Training Packages

Online, classroom, and self-paced options for all user roles
🖥 HRSanad Online Training — HR Administrator
Online / Self-Paced
  • System overview and navigation
  • Employee master management (all 6 tabs)
  • Organisation structure setup
  • Leave type configuration and approvals
  • Payroll run cycle (draft → finalized)
  • TNA: shifts, rosters, attendance corrections
  • Appraisal cycle setup and management
  • Report generation and exports
  • User access management
  • Includes: 12 HD video modules, quizzes, certificate
$480 / user
⏱ 8–10 hours | Valid 12 months | On-demand access
📊 HRSanad Online Training — Payroll Officer
Online / Self-Paced
  • Pay component setup and salary structures
  • Monthly payroll run walkthrough
  • Payslip review and corrections
  • WPS / SEPA / PMOD file generation
  • Loan management and deduction setup
  • Gratuity / redundancy calculation review
  • Journal voucher and GL export
  • Year-end procedures and audit reports
  • Includes: 8 video modules + live payroll simulation
$380 / user
⏱ 6–8 hours | Valid 12 months | On-demand access
👤 HRSanad Online Training — Employee (ESS)
Online / Self-Paced
  • ESS portal login and navigation
  • Viewing payslips and downloading PDFs
  • Applying for leave and checking balance
  • Loan application and installment view
  • Viewing attendance and raising corrections
  • Profile update and password management
  • Mobile app clock-in (GPS and photo)
  • Includes: 4 short video modules + interactive tour
$60 / user
⏱ 1–2 hours | Valid 12 months | Free for 1,000+ seat clients
🏫 HRSanad Classroom Training — HR & Payroll Team
On-Site / Classroom
  • Full-day instructor-led training (3 days)
  • Day 1: System setup, org structure, employee master
  • Day 2: Leave management, TNA, payroll cycle
  • Day 3: Appraisal, recruitment, reporting, admin
  • Hands-on exercises using your live configuration
  • Max 12 participants per session
  • Printed reference guide + digital workbook
  • Post-training Q&A support (30 days via email)
  • Includes travel (within country) and trainer expenses
$4,200 / session (up to 12 participants)
⏱ 3 full days on-site | Scheduled within 30 days of go-live
🔧 Server Maintenance Training
On-Site / Hybrid
  • Server architecture and component overview
  • Linux server administration (Ubuntu 22.04)
  • Docker and container management
  • PostgreSQL DBA basics (backup, restore, monitoring)
  • Redis administration and memory management
  • Nginx / load balancer configuration
  • Log management and Grafana dashboards
  • Incident response and escalation procedures
  • Azure Portal navigation (cloud deployments)
  • VMware / Proxmox VM management (on-prem)
  • Runbook and SOPs handover
$3,500 / session (up to 4 IT staff)
⏱ 2 full days | Recommended for IT/sysadmin team only
📚 HRSanad Offline Training Kit — Complete
Documentation
  • Full printed Administrator Manual (300+ pages)
  • Payroll Officer Reference Guide (150 pages)
  • ESS Employee Quick Start Guide (20 pages)
  • Server Administration Runbook (120 pages)
  • Backup & Recovery Procedure Manual
  • Patch Management Procedures
  • Disaster Recovery Plan template
  • All documentation in PDF + editable DOCX
  • USB drive with offline video library (12 modules)
  • Branded with customer organisation name/logo
$1,800 / set (one-time)
📦 Physical delivery + digital download | Updated annually
Training PackageFormatDurationAudiencePrice
Online — HR AdministratorSelf-paced video8–10 hrsHR Admins, HR Officers$480/user
Online — Payroll OfficerSelf-paced video6–8 hrsPayroll team$380/user
Online — Employee ESSSelf-paced video1–2 hrsAll 1,000 employees$60/user (free for large clients)
Classroom — HR & PayrollOn-site 3-day3 daysUp to 12 staff$4,200/session
Server Maintenance TrainingOn-site / hybrid2 daysIT team (max 4)$3,500/session
Offline Documentation KitPhysical + digitalReferenceAll roles$1,800/set
Recommended Training Bundle (1,000-employee deployment)$11,900
Bundle includes: Classroom training (1 session), Server Maintenance (1 session), Online HR Admin (5 users), Online Payroll (3 users), Offline Kit (1 set), ESS training waived
11

Maintenance & Support Services

Annual support tiers and included services
ServiceStandard (included)Premium +$4,800/yrEnterprise +$12,000/yr
Support hoursBusiness hours (9am–6pm Sun–Thu)Extended (8am–8pm, 7 days)24×7 with on-call
Response SLA (Critical)4 business hours2 hours30 minutes
Response SLA (High)1 business day4 hours2 hours
Response SLA (Medium/Low)3 business days1 business day4 hours
Support channelEmail + ticketing portalEmail + phone + portalDedicated Slack channel + phone
Bug fixesIncluded — next releaseIncluded — expeditedIncluded — hotfix within 48 hrs
Application updatesQuarterly releasesMonthly releasesBi-weekly + hotfixes
Security patchesWithin 30 days of CVEWithin 7 daysWithin 48 hours
OS / dependency patchingCustomer responsibilityAdvisory onlyManaged patching included
Health check reviewsAnnualQuarterlyMonthly
Named account managerNoYesYes (senior)
Training credits/year2 online user licences5 online user licencesUnlimited online + 1 classroom day
Payroll compliance updatesIncluded (annual)IncludedIncluded + advance preview
12

Backup & Recovery Procedures

Recovery objectives, schedule, and restoration process
🎯

Recovery Objectives

RPO (data loss)≤ 1 hour
RTO (downtime)≤ 4 hours
Backup frequencyHourly (DB), Daily (full)
Retention — daily14 days
Retention — weekly12 weeks
Retention — monthly12 months
Retention — annual7 years (payroll)
Offsite copyYes — different region
📅

Backup Schedule

Continuous WALEvery transaction
Hourly snapshotPostgreSQL base backup
Daily full backup02:00 local time
Blob storage syncEvery 4 hours
VM snapshotDaily (Azure Backup)
Config backupOn every deploy
Offsite replicationDaily (geo-redundant)
🔄

Restoration Steps

Step 1Identify incident scope
Step 2Select recovery point
Step 3Restore PostgreSQL from pgBackRest
Step 4Apply WAL to target time
Step 5Verify data integrity
Step 6Restore blob storage
Step 7Smoke test all modules
Step 8Notify users and resume
🧪

Backup Testing

Monthly restore drillDB point-in-time test
Quarterly DR drillFull system restore test
Annual DR exerciseFull failover simulation
VerificationpgBackRest --verify
Alert on failureEmail + SMS within 5 min
DocumentedTest result log retained
Backup TypeToolFrequencyStorage TargetEncryptionRetention
PostgreSQL continuous WALpgBackRestContinuous (per transaction)Local NVMe + S3/Blob offsiteAES-2567 days WAL
PostgreSQL full backuppgBackRest base backupDaily at 02:00Local + offsite BlobAES-25614 daily, 12 weekly
Blob / file storageAzure Blob versioning / rcloneEvery 4 hours + versionedOffsite Azure regionAt-rest encryption30 days soft delete
VM snapshotsAzure Backup / VMware snapshotsDailyVault (cloud) / NAS (on-prem)Vault encryption14 days
Application config & secretsAzure Key Vault / Git (encrypted)On changeGit repo (encrypted) + Key VaultVault encryptionIndefinite (versioned)
Redis persistenceRedis RDB snapshotsEvery 60 minutesLocal diskFilesystem encryption24 hours
Payroll records (compliance)pgBackRest annual archiveAnnual (post year-end)Cold storage (Azure Archive)AES-2567 years

Critical Backup Rules

1. Backups must never reside on the same physical disk as the primary data.   2. All backup restoration must be tested monthly — an untested backup is not a backup.   3. Encryption keys must be stored in Key Vault, not alongside the backup files.   4. Payroll data backups must be retained for a minimum of 7 years per UAE Labour Law / Irish Revenue requirements.
13

Patch Management Procedures

Server OS patching, application patching, and emergency CVE response

Server OS Patch Management

StepActivityFrequencyOwnerProcedure
1CVE monitoringDaily automated scanSecurity teamUbuntu Pro ESM alerts + Wazuh SIEM + USN (Ubuntu Security Notices) subscription. Automatic notification when packages with CVE ≥ CVSS 7.0 affect installed versions.
2Patch classificationWeekly reviewIT leadCritical (CVSS ≥ 9): patch within 48 hours. High (7–8.9): patch within 7 days. Medium (4–6.9): patch within 30 days. Low (< 4): patch at next scheduled window.
3Patch stagingBefore productionDevOpsApply patches to staging environment first. Run full automated test suite (Vitest + Playwright). Allow 24-hour soak period before production.
4Scheduled maintenance window2nd Sunday monthly, 02:00–06:00 localIT leadsudo apt update && sudo apt upgrade -y. For kernel updates: schedule reboot. Coordinate with HR team to avoid payroll processing dates.
5Unattended upgrades (security only)DailyAutomatedEnable Ubuntu unattended-upgrades for security patches only. Reboot policy: never auto-reboot (manual reboot at next maintenance window).
6Kernel live patchingAs releasedAutomatedEnable Canonical Livepatch (Ubuntu Pro) — applies kernel security patches without reboot on production servers.
7Post-patch validationAfter each patch windowDevOpsRun smoke tests: health check endpoints, sample payroll calculation, leave request, ESS login. Monitor error rates for 2 hours post-patch.
8Rollback procedureIf post-patch issues detectedDevOpsFor VMs: revert to pre-patch snapshot. For packages: apt-get install <package>=<previous-version>. For DB server: stop PostgreSQL, restore from last backup before patching.
9Patch recordAfter each windowIT leadUpdate patch log spreadsheet: date, server, packages patched, CVEs addressed, test results, approver sign-off. Retain for 3 years for compliance audit.

Application Patch Management

StepActivityFrequencyProcedure
1Dependency vulnerability scanningEvery CI/CD runSnyk / npm audit runs on every pull request and nightly. Blocks deployment if any critical CVE found in npm dependencies.
2HRSanad application update (SaaS)Quarterly or as releasedHRSanad publishes release notes 14 days before update. Customer approves. Update applied in maintenance window. No downtime for minor updates.
3HRSanad application update (On-Prem)Quarterly1) Pull updated Docker image from registry. 2) docker compose pull && docker compose up -d. 3) Run DB migrations automatically. 4) Verify health endpoint returns 200. Rollback: docker compose down && docker compose up -d --scale web=0 then restore previous image tag.
4Node.js LTS version upgradeAnnual (LTS release)Upgrade from Node 20 LTS to next LTS. Test in staging for 2 weeks. Coordinate with HRSanad team to confirm compatibility. Update Dockerfile base image.
5PostgreSQL minor version updateQuarterlyReview PostgreSQL release notes. For minor versions (16.x → 16.y): apply in maintenance window, restart service. For major versions: full migration plan required — consult HRSanad support.
6Payroll compliance rule updatesAnnual (or on law change)When tax laws / leave laws change (e.g. new UAE Labour Decree, Irish Budget changes): HRSanad pushes compliance update within 30 days of law publication. Emergency update for mid-year changes.
7Emergency hotfix deploymentAs needed (critical bugs)HRSanad hotfix SLA: P1 critical bug (data loss, payroll error) — hotfix within 48 hours. P2 high bug (module unusable) — fix within 5 business days. Hotfix deployed out-of-band, customer notified 1 hour before.

Zero-Downtime Deployment Strategy

All application patches use a rolling deployment: update one API instance while the other continues serving traffic, then swap the load balancer over. Typical patch window: < 5 minutes for application patches, < 2 minutes for configuration updates. Database migrations run on startup with automatic rollback on failure.
14

Grand Total & Payment Terms

All-inclusive investment summary for Year 1 and Year 2+

Option A — SaaS / Cloud Deployment (Recommended)

CategoryItemYear 1Year 2+
HRSanad PlatformSaaS licence — 1,000 employees + Compliance Add-on$37,200$37,200/yr
ImplementationImplementation, data migration, integration, go-live support$21,500
Azure InfrastructureCloud compute, DB, storage, networking (Pay-As-You-Go)$27,372$27,372/yr
Software licencesThird-party software (minimum stack)$524$524/yr
TrainingRecommended bundle (classroom + server + online + docs)$11,900$2,400/yr
SupportStandard support (included in SaaS licence)IncludedIncluded
TOTAL — Option A, Year 1$98,496$67,496/yr
With 1-year Reserved Instances: Year 1 reduces by ~$7,440 → $91,056. Year 2+ reduces to $59,256/yr.

Option B — On-Premises Deployment

CategoryItemYear 1Year 2+
HRSanad PlatformPerpetual licence + 20% annual SA + Compliance Add-on$73,200$13,200/yr
ImplementationImplementation, data migration, integration, go-live support$21,500
HardwareServers, networking, power, rack (CAPEX)$84,900
Software licencesVMware + monitoring + third-party$5,724$4,524/yr
TrainingRecommended bundle$11,900$2,400/yr
Power / facilities (est.)~5 kW × 8,760h × $0.11/kWh$4,800$4,800/yr
Hardware maintenancePost-warranty support contract (from Year 4)Included (warranty)$7,200/yr
TOTAL — Option B, Year 1$202,024$32,124/yr
On-premises becomes more cost-effective than cloud after approximately Year 5 (break-even at ~$350K TCO).

Recommended Investment — Option A (SaaS / Cloud)

$98,496
Year 1 all-inclusive — platform, infrastructure, implementation, training. Excluding VAT.
Year 2 Annual Renewal
$67,496
3-Year Total Cost
$233,488
Cost Per Employee/Year
$78 / emp

Payment Schedule

30%
of Year 1 total
On contract signing
30%
of Year 1 total
On go-live date
25%
of Year 1 total
30 days post go-live
15%
of Year 1 total
60 days post go-live

Payment Notes

All amounts in USD. Bank transfer preferred (SWIFT/IBAN). VAT/GST/sales tax will be added as applicable by jurisdiction. Year 2+ renewals are invoiced annually, 30 days before renewal date. Annual inflation adjustment: CPI + 2% cap on renewal pricing.
15

Legal Notice, Terms & Conditions

Governing terms for this proposal and any resulting agreement

1. Validity of This Proposal

This proposal and all pricing herein is valid for 90 days from the date of issue (20 April 2026). After this date, prices are subject to revision. HRSanad Solutions reserves the right to withdraw or amend this proposal at any time before a signed contract is executed.

2. Scope and Exclusions

  • This proposal covers the items explicitly listed in Sections 6–13. Any work not listed is out of scope and will require a separate change order and additional quotation.
  • Hardware prices are indicative and subject to market availability at time of order. Final hardware costs will be confirmed on purchase order.
  • Third-party software pricing (Azure, AWS, VMware, etc.) is subject to change by the respective vendor and is passed through at actual cost.
  • Integration development (PS-03) is estimated per integration point. Complex integrations may require additional scoping.
  • Travel and accommodation for on-site training and implementation services will be charged at cost if outside the Greater Dubai metropolitan area / Dublin metropolitan area.

3. Intellectual Property

  • The HRSanad software platform, including all source code, algorithms, database schemas, and documentation, remains the exclusive intellectual property of HRSanad Solutions at all times.
  • Customer data loaded into HRSanad remains the exclusive property of the Customer. HRSanad Solutions will not access, process, or disclose customer data except as required to provide the contracted services or as required by applicable law.
  • Customisations developed specifically for a Customer are owned jointly unless otherwise agreed in writing.
  • The Customer is granted a non-exclusive, non-transferable licence to use the HRSanad software for the duration of the contract term (SaaS) or perpetually (on-premises, subject to Software Assurance).

4. Data Protection & Confidentiality

  • Both parties agree to maintain strict confidentiality regarding the terms of this proposal and any confidential business information exchanged.
  • HRSanad Solutions processes customer employee data as a Data Processor under applicable data protection laws (UAE PDPL / EU GDPR / Irish Data Protection Act 2018). A Data Processing Agreement (DPA) will be executed before go-live.
  • Customer data is stored in the agreed data residency region and is not transferred outside that region without the Customer's prior written consent.
  • HRSanad Solutions maintains ISO 27001-aligned information security policies. Security audit reports are available to Enterprise customers upon request under NDA.

5. Service Level Agreement

  • SaaS Cloud uptime SLA: 99.9% monthly uptime (excluding scheduled maintenance windows, which will not exceed 4 hours per month and will be communicated at least 48 hours in advance).
  • SLA credits: for each full hour below 99.9% in a calendar month: 1-day service credit; below 99.5%: 1-week credit; below 99.0%: 1-month credit.
  • SLA credits are the Customer's sole remedy for downtime and will not exceed the monthly fee for the affected service.
  • SLA does not apply to: Customer-caused outages, force majeure events, third-party service failures (Azure, DNS), or scheduled maintenance.

6. Liability Limitations

  • HRSanad Solutions' total aggregate liability under this agreement shall not exceed the total fees paid by the Customer in the 12 months preceding the claim.
  • HRSanad Solutions shall not be liable for indirect, consequential, special, or punitive damages, including loss of profits, loss of data, or business interruption.
  • The Customer is solely responsible for verifying that payroll calculations comply with applicable employment and tax laws. HRSanad Solutions provides the calculation engine; compliance is the Customer's legal obligation.

7. Termination

  • Either party may terminate the SaaS agreement with 90 days' written notice before the renewal date.
  • Termination for cause (material breach uncured within 30 days): immediate termination with no further obligation.
  • On termination: HRSanad Solutions will provide a full data export (PostgreSQL dump + blob files) within 30 days. Data will be securely deleted from HRSanad systems within 90 days of export delivery.
  • No refund for prepaid annual fees on voluntary termination.

8. Governing Law & Dispute Resolution

  • This agreement is governed by the laws of the United Arab Emirates (for GCC deployments) or the Republic of Ireland (for Ireland/EU deployments), without regard to conflict-of-laws principles.
  • Any disputes shall first be referred to senior management of both parties for resolution within 30 days. If unresolved, disputes shall be submitted to binding arbitration under DIAC (UAE) or LCIA (Ireland/UK) rules.

9. Warranties

  • HRSanad Solutions warrants that the software will perform substantially as described in the product documentation during the term of the agreement.
  • HRSanad Solutions does not warrant that the software will be error-free or uninterrupted, but commits to the SLA and support response times in Section 11.
  • The Customer warrants that it has the legal authority to enter into this agreement and that all employee data provided has been collected lawfully.

10. Acceptance

Acceptance of this proposal is signified by the Customer's signature on the accompanying Service Agreement or by written confirmation (email) from an authorised representative of the Customer. This proposal does not constitute a binding contract until a formal Service Agreement is signed by both parties.

For and on behalf of HRSanad Solutions
Authorised Signatory  |  Name: ________________
Date: ________________
For and on behalf of Customer
Authorised Signatory  |  Name: ________________
Date: ________________
HRSanad Solutions — Modern HRMS for the Modern Workforce
Document Ref: HRS-PRE-2026-001  |  Prepared: 20 April 2026  |  Valid: 90 days
Confidential — Not for distribution outside the named client organisation