# Human Resource Management System (HRMS) **Instructions** * This page helps you prepare "*Solution Requirements*" section in Vendor Management Portal and you will see the exact questions and flow. * 🔴 **Mandatory questions:** Must answer "Yes" to continue * 🟡 **Preferred questions:** Can answer either way and continue * Follow the question flow as indicated *** #### Q1 🔴 **Mandatory** - Employee Records Management **Main Question:** **Can your solution manage a company's employee records in all the key HR administrative areas below?** **Personnel Management:** * i. Create employees records and details * ii. Allow for employee self-service to maintain updates **Payroll Management:** * i. Process E-payroll * ii. Generate MOM itemised payslip * iii. Comply to policy and statutory requirements **Leave Management:** * i. Manage leave applications and approvals * ii. Configure leave policy **Benefits and Claims Management:** * i. Process medical and transport claims * ii. Support multiple payment processing: Payroll, GIRO, cheque, and cash payment **Performance Appraisal Management:** * i. Set KPIs for individual employees for each appraisal cycle * ii. Provide online built-in self-service appraisal forms with employee tagging and manager routing for approval and scoring 🔴 **Answer:** ○ Yes \[Next: Q2] ○ No \[⚠️ Cannot Proceed] *** #### Q2 🟡 **Preferred** - Time Attendance Tracking **Main Question:** **Can your solution allow employees to clock-in and clock-out their time attendance for the purpose of Personnel management and Payroll calculations?** 🟡 **Answer:** ○ Yes \[Next: Q3] ○ No \[Next: Q3] *** #### Q3 🟡 **Preferred** - Employee Health Status Tracking **Main Question:** **Can your solution allow the tracking of vaccination status of employees and their test results for the purpose of Personnel management?** 🟡 **Answer:** ○ Yes \[Next: Q4] ○ No \[Next: Q4] *** #### Q4 🔴 **Mandatory** - Dashboards and Reports (HRMS) **Main Question:** **Can your solution provide dashboard and reports to allow a company's management to view, analyse, and manage employees' activities?** **Examples:** (e.g. Payroll reports, Leave Reports, Performance Appraisal Reports, Employee Attendance and Overtime Reports, etc) **Technical Requirements:** Your digital solution should have one or more dashboards that provide an at-a-glance overview of key metrics/indicators with at least 4 charts/graphs to help users analyse data through data visualisation. **Interactive Features Required:** The dashboard must include at least one of the following interactive features: * Option 1: Interactive charts/graphs that allow users to interact with one chart and apply that interaction as a filter to other charts on the dashboard, and vice versa * Option 2: At least three common filters/slicers applicable to ALL charts/graphs on the same dashboard 🔴 **Answer:** ○ Yes \[Next: Q5] ○ No \[⚠️ Cannot Proceed] *** #### Q5 🔴 **Mandatory** - Cloud and Multi-Device Accessibility **Main Question:** **Does your solution allow for cloud-based, mobile-based, and/or web-based usage?** 🔴 **Answer:** ○ Yes \[Next: Q6] ○ No \[⚠️ Cannot Proceed] *** #### Q6 🔴 **Mandatory** - Integration with Existing Accounting Solution **Main Question:** **Can your solution be integrated with user's existing accounting management solution to facilitate processing of employees' payroll?** 🔴 **Answer:** ○ Yes \[Next: Q7] ○ No \[⚠️ Cannot Proceed] *** #### Q7 🔴 **Mandatory** - IRAS Auto Inclusion Scheme (AIS) Compliance **Main Question:** **Is your solution listed on IRAS's List of Supporting Payroll Software Vendors for the Auto Inclusion Scheme (AIS) for employment income?** 🔴 **Answer:** ○ Yes \[Next: Q8] ○ No \[⚠️ Cannot Proceed] *** #### Q8 🟡 **Preferred** - AI Features HR **Main Question:** **Does your solution have any HR-Related AI Features?** 🟡 **Answer:** ○ Yes \[Next: Q9] ○ No \[Next: Q10] \-- #### Q9 🔴 **Mandatory Follow-up** - AI Features HR - Elaboration *This question appears only if you answered "Yes" to Q8* **Main Question:** **Describe your HR-Related AI features. Examples are:** **Example Features:** * a. A HR chatbot to answer FAQs on company policies, allow Leave and Claims applications to be submitted and approved via the chatbot and for the Leave and Claims balance to be automatically updated on HRMS, and assist with the employee onboarding process * b. Ability to identify irregularities in employee hours and payroll * c. Ability to identify and assess characteristics and trends across the entire employee population * e. Ability to predict future sources of staff turnover and employee performance * f. Others, please specify Click "Yes" to confirm you have completed the instructions. 🔴 **Answer:** ○ Yes \[Next: Q10] ○ No \[⚠️ Cannot Proceed] **Text Elaboration Required:** \[Text Box for Description] *** #### Q10 🔴 **Mandatory** - Business Data Extraction **Main Question:** **Can your solution enable SMEs to efficiently extract business data in various discrete formats such as CSV, XLSX, XML, and TSV?** 🔴 **Answer:** ○ Yes \[Next: Q11] ○ No \[⚠️ Cannot Proceed] *** #### Q11 🔴 **Mandatory** - Personal Data Protection **Main Question:** **Can your solution demonstrate compliance with the following Personal Data Protection requirements?** **Requirements:** Digital solutions that collect, use, disclose, process or dispose personal data should incorporate features that support the obligations under the Personal Data Protection Act (2020). **Instructions:** To comply with this requirement, you MUST complete the Personal Data Protection Requirements form at . 🔴 **Answer:** ○ Yes \[Next: Q12] ○ No \[⚠️ Cannot Proceed] *** #### Q12 🔴 **Mandatory** - Vulnerability Assessment/Penetration Testing (VA/PT) **Main Question:** **Has your solution undergone a comprehensive security vulnerability assessment/penetration testing (VA/PT) conducted by a qualified third-party within the last 12 months?** **Scope Requirements:** The scope of the VA/PT must cover network security; application security; data protection measures and access control (if applicable); API security testing (if applicable); Cloud security configuration review (if applicable). Specifically, for web application security, the scope must cover minimally all OWASP Top 10 vulnerabilities. **Submission Requirements:** Please submit the VA/PT report (dated maximum 1 year from the checklist submission date). The VA/PT Report must include Executive summary; Detailed findings and risk ratings; Remediation recommendations; Evidence of vulnerability fixes or mitigation plans; Testing methodology used; Scope of assessment; Assessor's qualifications and certifications. **For Resellers:** If you are the reseller of the solution, please obtain the VA/PT report from your product principal. SOC 2 Type II report can be accepted if the detailed technical vulnerability assessment results are part of the SOC2 Type II scope. **Qualified Third-party Definition:** Note: \[1] Qualified third-party refers to: CREST-certified companies \[ ] or companies with security professional with relevant CREST certifications; Security professionals with recognised certifications such as: Offensive Security Certified Professional (OSCP); EC-Council Certified Penetration Testing Professional (CPENT); GIAC Penetration Tester (GPEN); or other equivalent industry-recognised certifications. Click "Yes" to confirm you have completed the instructions. 🔴 **Answer:** ○ Yes \[Next: Q13] ○ No \[⚠️ Cannot Proceed] **Date of Issue Required:** \[Date Field] **Upload Supporting Document Required:** \[File Upload] *** #### Q13 🟡 **Preferred** - Cybersecurity Compliance - Cyber Essentials Mark (CEM) **Main Question:** **Are you the Product Principal of the solution that you are submitting for pre-approval?** 🟡 **Answer:** ○ Yes \[Next: Q14] ○ No \[Next: Q16] \-- #### Q14 🟡 **Preferred** - CEM for Product Principal *This question appears only if you answered "Yes" to Q13* **Main Question:** **Has your organisation achieved CSA Cyber Essentials for ICT Vendor Mark certification or equivalent recognised cybersecurity certifications (including but not limited to Cyber Trust Mark or ISO27001) that validate the implementation of appropriate security controls against common cyber threats in your organisation and the solution you are submitting for pre-approval?** **Important Note:** Vendors are encouraged to comply at application and are required to meet this requirement by the Annual Review, where it will be assessed as mandatory. **Reference:** Note: For more information on Cyber Essentials mark, please refer to 🟡 **Answer:** ○ Yes \[Next: Q15] ○ No \[Assessment Finished] \-- #### Q15 🔴 **Mandatory Follow-up** - CEM for Product Principal - Elaboration *This question appears only if you answered "Yes" to Q14* **Main Question:** **Please specify the following information:** **Required Information:** * i. The certificate demonstrating your organisation has attained Cyber Essentials for ICT Vendors * i. The cybersecurity certification the organisation has met * ii. The scope of the certification **Upload Requirements:** Please also upload a copy of the Certification and indicate the Certification Issuance Date in the date field. Click "Yes" to confirm you have completed the instructions. 🔴 **Answer:** ○ Yes \[Assessment Finished] ○ No \[⚠️ Cannot Proceed] **Text Elaboration Required:** \[Text Box for Details] **Date of Issue Required:** \[Date Field] **Upload Supporting Document Required:** \[File Upload] \-- #### Q16 🟡 **Preferred** - CEM for Resellers *This question appears only if you answered "No" to Q13* **Main Question:** **Has your organisation achieved CSA Cyber Essentials Mark certification or equivalent recognised cybersecurity certifications (including but not limited to Cyber Trust Mark or ISO27001) that validate the implementation of appropriate security controls against common cyber threats in your organisation and the solution you are submitting for pre-approval?** **Important Note:** Vendors are encouraged to comply at application and are required to meet this requirement by the Annual Review, where it will be assessed as mandatory. **Reference:** Note: For more information on Cyber Essentials mark, please refer to 🟡 **Answer:** ○ Yes \[Next: Q17] ○ No \[Assessment Finished] \-- #### Q17 🔴 **Mandatory Follow-up** - CEM for Resellers - Elaboration *This question appears only if you answered "Yes" to Q16* **Main Question:** **Please specify the following information:** **Required Information:** * i. The cybersecurity certification the organisation has met * ii. The scope of the certification **Upload Requirements:** Please also upload a copy of the Certification and indicate the Certification Issuance Date in the date field. Click "Yes" to confirm you have completed the instructions. 🔴 **Answer:** ○ Yes \[Assessment Finished] ○ No \[⚠️ Cannot Proceed] **Text Elaboration Required:** \[Text Box for Details] **Date of Issue Required:** \[Date Field] **Upload Supporting Document Required:** \[File Upload] {% hint style="info" %} **Preparing for submission?** Your submission should contain screenshots and write-ups that clearly demonstrate compliance with each mandatory requirement sub-point. [Contact us](https://form.gov.sg/68117f6fa667a54847523fd2) if you need help. {% endhint %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://preapproval-guide.imda.gov.sg/pre-approval-guide/stage-1-vendor-self-assessment/identify-suitable-solution-category/essential-business/human-resource-management-system-hrms.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.