Selima HR and Payroll

Selima is a leading developer and supplier of the following: * Modern, intuitive, cloud based HR software * Highly functional and automated Payroll software * Efficient, UK based managed payroll services Buyers may choose to procure all of some of the above.


  • Managed Payroll Service and software for schools, college, local authorities
  • Cloud HR software
  • Mobile enabled manager and employee self service
  • Holiday and sickness absence management
  • Training, learning and development and appraisals
  • Recruitment, applicant tracking, candidate portal
  • Expenses and mileage claims
  • Staff scheduling, rostering, rotas, workforce planning, timesheets
  • Reporting, dashboards, business intelligence, management information
  • Workflow


  • Elimination of duplication and reduction of administration time
  • Payroll accuracy and timeliness
  • Low cost of ownership
  • Positive return on investment
  • Mobile enable your workforce
  • Configure to your organisations exact needs
  • Highly secure ISO27001 and ISO9001 accredited
  • Local government pension scheme (LGPS) compliant
  • Teachers Pension Scheme (TPS) compliant
  • Modern and intuitive user interface


£1000 per instance per month

  • Education pricing available

Service documents

G-Cloud 9



lyndsay Johnson


Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Selima HR can be purchased in conjunction with Selima Payroll or either can be purchased on their own.
Cloud deployment model Private cloud
Service constraints The target SLA (or uptime) is 99.99% outside of scheduled maintenance which is achieved. To our knowledge there are no limitations to the support provided by Selima's subject matter experts. Each request for support will be fully evaluated to assist in ensuring the expected outcomes are achievable. Selima will undertake a full business discovery exercise at the commencement of any project. The purpose of this is to understand how companies work, what it is trying to achieve and identify any resource constraints that exist.
System requirements Web browser access

User support

User support
Email or online ticketing support Email or online ticketing
Support response times The Support desk is contactable by phone or email during office hours (Monday to Friday 9:00 - 17:30) and an online ticketing system is available 24/7. Response times are in accordance with the severity of the issue.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Selima have a support helpdesk, based in the UK and made up of 12 full time product specialists, and it is their responsibility to provide on-going support for users. The service operates during normal working hours, 9am – 5.30pm Monday to Friday, out of hour’s service can also be arranged on request.Incidents can be reported and progressed in the following ways:-
Support via DMS: Calls are logged via a web based support DMS system. (Default method)
Telephone Support: For critical issues the Customer can telephone the Supplier’s Support Desk or e-mail the hotline e-mail address which will be available at all times during Normal Support Hours.
On Site Support: On-site support will be provided by the Supplier where appropriate in the event that tracker, telephone or email support does not, without undue delay, resolve an incident.
Remote Access: The Supplier can offer remote access support to provide enhanced assistance in agreement with the Customer. This is achieved by either virtual private networking or alternative dial-up methods.
Extraordinary Hours Support: Technical and Help Desk Support may be provided by request giving 3 working days’ notice and is subject to a separate charge at the daily rate prevailing at the time.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Selima can offer various levels of training either from our Sheffield head office or on your site and supplied from Selima employees.

The training for the HR system is split into two groups; administration and user. As every customer’s requirements are slightly different the training would be tailored to customers after scoping days to determine the exact level of training required.

Training would initially be delivered to the customers project team in order to facilitate appropriate testing of the systems during the UAT phases of the project. At various stages throughout the project implementation training will be delivered to other users on the systems relevant to their job role.

A range of training sessions would be provided covering the core HR functionality and operation of the system.

Additional training would be available on further HR modules subject to the functionality required for live running as identified within the scope of the project. There will be the opportunity to request additional system overview sessions for any customers who would use the HR system as part of their current role. These sessions can be tailored to suit each audience and will cover an overview based on analysis of group requirements undertaken.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction We hope you will stay with Selima for many years. However, should you chose to leave at the end of your contract term, Selima shall use reasonable endeavours to assist in the transition and transfer of Payroll Services from Selima to a new service provider. If using the HR software, customers can run their own reports to obtain data, we will also provide YTD information. For reasonable additional fees mutually agreed, we can also provide any other data required by the new service provider.
End-of-contract process Selima shall use reasonable endeavours to assist in the transition and transfer of Payroll Services from Selima to a new service provider for reasonable additional fees as agreed in writing between the parties which shall be dependent upon the amount of additional services required by the new service provider or Client.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The mobile view is designed for employee self service use for added convenience. The software re-sizes itself according to the size of the mobile device being used.
Accessibility standards None or don’t know
Description of accessibility Working towards complying with the Web Content Accessibility Guidelines (WCAG).
We are also in the process of ensuring that our solution conforms to the W3C “AA” standard for WCA.
Some features inbuilt are:
Ability to change the font and font size per user
Features of the browser and/or operating system may also be used to improve accessibility
Colours are user definable ensuring people with colour blindness can define colours whose shades can be distinguished . Colour identification text is displayed when users hover over the colour. Ticks, flags and asterisks are used where appropriate
Full keyboard functionality and keyboard shortcuts.
Accessibility testing Our system offers the ability to extract data into other systems, for example there are extracts written to allow for interfacing with eLearning systems. Imports and feeds can be taken from EPOS providers and fed into our system for processing and reporting.
Integration via Web Services would typically be agreed and can then be written to suit the requirement
In terms of manual data import via client user interface, there is a module within the software “Data manager” that allows manual imports to be carried out.
Customisation available Yes
Description of customisation We always engage with our customers to deliver software that will really benefit their organisation and we would welcome the opportunity to work with you on how we can customise our products even further to meet your specific needs.
For any customisation a scoping session will take place to identify best practice. Within the training provided by Selima customers will learn the basis of customisation in respect of creating hierachy, roles and permissions ensuring that access is customised accordingly. Selima will offer support and advise for any questions that may arise.
Customised work such as additional functionality will be completed by Selima's development team. A charge may apply for the dependant on complexity.


Independence of resources The target SLA (or uptime) is 99.99% outside of scheduled maintenance. This target has been achieved over a 12 month period.


Service usage metrics No


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency Less than once a year
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process No
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Within Selima HR are there are 160 standard reports that can be extracted into a variety of different formats such as word, excel, pdf, powerpoint to name a few. Reports can be duplicated and edited to ensure that the selection criteria is as required.
Roles and Permissions are used to identify who has the relevant authorisation to run and extract the reports.

Customisable reports can be created by customers or alternatively Selima offer a consultancy service should there be a high level f complexity required.
Data export formats
  • CSV
  • Other
Other data export formats
  • Word
  • Excel
  • Powerpoint
  • HTML
  • Microsoft XPS
  • Text File
  • Image File
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Private network or public sector network
Data protection within supplier network Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability The service will be available twenty four hours a day Monday to Sunday, including statutory holidays, with the exception of scheduled and emergency maintenance. Where our hosting supplier fails to meet any Service Level, the Client may request a Service Credit
Approach to resilience Selima software is hosted at Selima’s private cloud in Slough and delivered to you as SaaS through the browser of your choice.
Selima’s private cloud (via Secura Hosting Ltd) is a highly secure and resilient environment that hosts payroll software and data for numerous organisations. Over £1billion of salaries are paid each year using the Selima private cloud.
Secura Hosting provide hosting services to a wide range of private and public sector organisations including SaaS, e-commerce and financial businesses that must securely handle and store sensitive customer and business data.

The data centres include, but are not limited to, the following physical security controls:
24/7/365 on-site security team
3-metre-high perimeter fence
-Manned vehicle entry gate to site
Internal and External IP CCTV with complete site coverage
Full authentication & access policy control
Security bollards at building perimeter
Biometric entry system
Physical locks on Rack Doors
Access card restrictions within the building (Access granted to specific areas, not just the building)
Access request system (automated with logging data stored) & ‘approved requester lists’
Outage reporting Email alerts are in place to report outage.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Access is controlled by the customer through our roles and permissions admin screen. The screenshot to the right shows how easy to undertake this is. It enables the customer to control access at a very granular level and provides complete control in a very intuitive way.
Access restriction testing frequency At least once a year
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations Yes
Any other security accreditations ISO 27001

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards ISO/IEC 27001
Information security policies and processes It is the responsibility of the Compliance & Governance Director to ensure that all employees understand and comply with information security policies and procedures. The Compliance & Governance Director is responsible to ensure that this procedure is maintained with up-to-date practices.
An Access Control Policy is documented in Information Security. This is available on the company server and is briefed to new staff as part of the induction process.
A Policy governing the use of telephones, email and the internet by staff is documented in the Staff Handbook which is signed for by all staff on induction.
A Data Security Policy is documented in the Staff Handbook which is signed for by all staff on induction.
The Selima Software Policy is documented in the Staff Handbook which is signed for by all staff on induction.
An Information Security Policy for Supplier Relationships is also defined.
The policies listed in above are reviewed a minimum of annually at Management Review Meetings to ensure that it remains suitable, adequate and effective. Meetings are attended by the senior management team and records are kept (minutes).
Other policies are reviewed during internal audits when the relevant procedure is reviewed.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Changes to Selima’s information systems, must be reviewed, approved, and if appropriate tested prior to implementation. Form F3038 Change Control shall be used to record all stages of the process. Major changes must be authorised by the Managing Director. Consideration should be given to security implications, and if appropriate plans should be put in place to test prior to implementation. Where testing is deemed to be necessary, this shall be recorded on F3038. Sensitive data, live user-IDs and live passwords should never be used as part of the test. Results of testing shall be recorded on F3038.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Any user who suspects that their computer may have been affected by a virus or malware shall immediately contact the Compliance & Governance Director. A note should be made of any messages or unusual behaviour, and the computer must not be used again until clearance has been given by the Compliance & Governance Director who shall be responsible for recovering the computer to its prior state. Firewalls and virus-checkers are in place and are controlled by third party provider Secura. No removable media shall be used in any computer unless it has first been virus checked.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Selima monitor performance in delivering the Services against the Service Levels and KPI’s.
Incident management type Supplier-defined controls
Incident management approach Breaches of security of information, actual or potential, is reported to the Compliance & Governance Director immediately.
Information Security Briefing F3016 reminds staff of this requirement.
Incidents are discussed at Management Review Meetings.
Contractors or third party users of Selima’s information systems will be informed of the need to report any actual or suspected weaknesses in information security to the Compliance & Governance Director.
The Compliance & Governance Director will provide feedback to the person(s) who reported the event or once it has been resolved. Staff maybe briefed increasing awareness of how to respond and avoid such incidents in future.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £1000 per instance per month
Discount for educational organisations Yes
Free trial available No


Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑