CoreHR Public Sector Solutions

CoreHR manages all strategic and transactional HR and Payroll processes. CoreHR’s next generation HCM technology removes all the complexity around your processes, allowing you to focus on what’s important – your people. Empower your global workforce with a mobile self-service experience, backed by analytics and real-time management information.


  • People management- fully automated HR processes and workflows, mobile platform
  • Workforce management- attendance and absence tracking, leave management
  • Payroll- HMRC accredited, total rewards, compensation and benefits management
  • Talent Acquisition- recruitment onboarding, social integration, applicant tracking
  • Learning and development- training adminstration, evaluation, course catalogue
  • Budget and forecasting- workforce planning, what-if modelling and analysis
  • Analytics and business intelligence- dashboards, management information, historical analysis
  • Knowledge centred support, eLearning, pre-configured environments, customer community


  • Pedigree- 35 year track record supporting easy & strategic HR
  • Access - 100% web-enabled, device agnositic and inherently mobile
  • Faster- User interface based on as few clicks as possible
  • Better- fully integrated, single database platform, consistent look and feel
  • Smarter- intuitive design built with usability and minimal training required
  • Insightful- single platform, single source of truth powered in-application analytics
  • Efficient- self-service driven functionality frees up HR/Payroll admin
  • Compliant- contracted legislative and statutory compliance
  • Flexible- fully configurable, scalable and modular options
  • Unlimited- supports global workforces, limitless users and high availability


£1.75 to £3.25 per unit per month

  • Education pricing available

Service documents

G-Cloud 11



Emma Keane

+44 2039 882 474

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints N/A
System requirements
  • CoreHR Certified Browers
  • Web Connection

User support

User support
Email or online ticketing support Email or online ticketing
Support response times -
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels CoreHR Standard Support Policy:
99.5% availability

CoreHR Premium Support Policy: (uplift £1pppm)
99.9% availability
Encryption at Rest
Dedicated Account Manager
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started CoreHR University is a one stop shop to learn about CoreHR products, take online Learning courses, view online manuals, assess your knowledge and get certified on CoreHR.
Our comprehensive range of courses are delivered by CoreHR subject matter experts and certification is available for each course.
This cost effective approach provides users with immediate support and reference material for completion of tasks.
Users have the freedom to learn at their own pace and at a time, location or even a device convenient to them. Simply visit, watch bite-sized videos, take the exam and get certified.

CoreHR SaaS-IM, our approach to Implementation, we apply a process based methodology founded on PRINCE2 in which all CoreHR consultants are trained. It employs proven Project Management methods, industry best practice and proven client experience to allow for an optimised approach to HR implementations. It is designed to be a flexible toolset which can be easily understood and applied to HR projects whether they contain Payroll, Personnel, T&A or anyother elements. This methodology uses a consistent approach to understanding requirements, implementing solutions to match client requirements and providing the wraparound services required to support the implementation and on going use by clients.
Service documentation Yes
Documentation formats
  • PDF
  • Other
Other documentation formats Microsoft Word
End-of-contract data extraction Upon request by Customer, within thirty (30) days after the effective date of termination or expiration of this Agreement, CoreHR will make the Customer Data available in an Oracle database extract format to Customer through the Service at no additional cost. After that thirty (30) day period, CoreHR will have no obligation to maintain or provide Customer Data (except by prior written agreement between the Parties and for an additional fee), and will thereafter securely delete or destroy all copies of the Customer Data in CoreHR’s system or otherwise in its possession or control, unless legally prohibited. Customer Data stored in backups will be deleted in accordance with then current schedule for deletion/overwriting of such backups. Customer Data stored in backups will not exceed onehundred (100) daysbeyond the effective date of termination.
End-of-contract process The Customer will be provided a with copy of the Customer Data in an in an Oracle Database Extract
format to Customer if they so request. This one-off export will be at no additional cost to Customer.
The CoreHR Data Export process is as follows:
1. Receipt of a JIRA requesting a data export for a Customer.
2. Receive written approval in the JIRA from The Head of Technical Services or Senior Infrastructure Solutions Architect to progress an Oracle Export.
3. Run the Oracle standard data pump technology and create the Customer specific Oracle Database Extract dump file.
4. The Customer will be requested to provide a Secure FTP site to facilitate the transfer.
5. The Customer will be asked to provide their public PGP key to facilitate secure encryption of the dump file.
a. If the Customer cannot provide a PGP key the file will be zipped and password protected.
b. This password will be shared by text message to an approved recipient in the Customer’s organisation.
6. Once completed the JIRA should be updated accordingly, confirming that the dump file has been securely shared and that the original dump file has been fully deleted from the CoreHR server.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service CoreHR automatically renders to mobile. CoreHR also have a native app
What users can and can't do using the API CoreHR’s solution is built on the Oracle technology stack meaning that it is very open in terms of integration which supports a variety of industry standards. Application program interfaces (API) are predefined processes within CoreHR that will carry out a specific action based on given inputs. The CoreHR application program interfaces are effectively a database stored library of procedures. For the simplicity of integration, only PL/SQL procedures are used (not functions) as the calling system will only need to make one type of call regardless of the nature of the specific API being utilised. A full overview of the API capability can be found in the attached document ‘CoreDataTalk Integration Overview’ and the public API site for CoreHR
API documentation Yes
API documentation formats PDF
API sandbox or test environment No
Customisation available No


Independence of resources Load balancers are deployed across two data centres within the CoreCloud Common Front End. In each datacentre the load balancers provide SSL-offloading and load balancing for all web requests destined for the web and application tiers in that datacentre. Global Site load balancing will be used to provide an Active / Active design. This Active / Active design will load balance all web requests across the web / application tiers in both datacentres based on a least connection basis. Traffic from the web/ application tiers will then talk to a database tier which will be active in a single datacentre.


Service usage metrics Yes
Metrics types CoreHR can provide usage and downtime metrics on request by the customer.
Reporting types Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process No
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach On screen exporting available in Excel, CSV, TXT and HTML formats.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability With CoreHR Standard Support Policy CoreHR offers a 99.5% availability.
With CoreHR Premium Support Policy CoreHR offers a 99.9% availability.

Service levels are included within the support policy.
Approach to resilience The CoreHR Hosted Application is deployed within the BT Ireland Citywest Tier III Data Centre. It resides in what is termed as a shared managed Infrastructure. With the CoreHR solution resides within its own managed VLAN configuration, the service is comprised of bandwidth from three upstream providers with full transit resilience with an aggregate bandwidth of over 5Gbps. All three upstream providers are provided over diverse and fully resilient fibre networks which are in turn linked to both public and private peering points. The providers currently serving the data centre are BT Net, BT Global and Global Crossing hence we are not reliant on any single provider. For example, if all BT networks were to fail, the BT data centre IP network would continue to operate through our connectivity to Global Crossing. BT's IP network is designed to never run over 50% capacity. Outlined in the schematic below is the meshed IP network.
Outage reporting Email Alerts

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication 2-factor authentication
Access restrictions in management interfaces and support channels CoreHR has an Access Control Policy as part of our Information Security Policies.   The policy takes into account business and security requirements, is reviewed and approved by management and is communicated to all staff.  

As part of the policy, asset owners determine the appropriate access controls, rights and restrictions appropriate.  Physical and logical and network access controls are considered together with the information classification level of the asset.  Access rights are allocated on the principle of “least privilege” so the user only has access to those systems that are necessary for their role.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Certification Europe
ISO/IEC 27001 accreditation date 25/01/2016
What the ISO/IEC 27001 doesn’t cover N/A
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials Certification

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes CoreHR has an Information Security Policy which is approved by management, this is an element of the wider Information Security Management System against which the Organisation has been ISO 27001 Certified.

The policy is owned and published by the Chief Information Security Officer. It sets out the organisation's approach to security, the commitment from the senior management team and the specific security policies of the company.

The Information Security Policy is updated regularly, is published on our the corporate sharepoint and staff receive training on the policy during induction training and refresher trainng on a twice yearly basis.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach No changes are made to a customer environment without their request/approval. The only team within Core with the level of access required to introduce a software release to a customer environment is the DBA team. This request would need to come from the customer via the CoreHR support organisation. A Change control policy is in place and forms part of the organisations ISO 27001 certified ISMS this policy sits at an overaching organisational level and has additional Change Control policies as applicable at a per Busienss Unit level.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Vulnerability scans are completed in conjunction with our Datacenter partners-BT

Technical Vulnerability management within CoreHR is undertaken by the Information Security team. For example, the IT Manager has responsibility for assessing technical vulnerabilities with PCs, local networks and ensuring appropriate measures in place.

Risks to assets are assessed on an ongoing basis via CoreHR’s technical functions or via suppliers such as Oracles, McAfee, etc. Urgent or critical vulnerabilities or threats are addressed as a matter of urgency. Systems are high risk are addressed first. A risk assessment is also conducted on all assets as part of annual asset review
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Monitoring is carried out of all database activity including use of tools such as Oracle Enterprise Manager and Audit Vault auditing functionality. This monitors and records in logs selected / defined user database actions. Core security monitoring mechanisms trigger auditing when someone accesses or alters specified objects in an Oracle database, including the contents within a specified object.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach CoreHR has an Incident Response Procedure which outlines how an incident should be handled and reported. This procedure forms part of the organisations ISO 27001 certified ISMS. The IS policy also highlights to employees how suspicious activity can be reported.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £1.75 to £3.25 per unit per month
Discount for educational organisations Yes
Free trial available No

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Terms and conditions
Service documents
Return to top ↑