MHR iTrent Integrated HR and Payroll

MHR provides software and outsourcing services for Human Capital Management (HCM), Payroll, Talent, learning, development and analytics. iTrent is a UK cloud-based, single database, integrated HR and payroll solution, that supports all aspects of HR management, recruitment and talent management. Complemented with a comprehensive business analytics suite.


  • Flexible software and outsourcing service packages.
  • Single solution for HR ,Talent ,Recruitment,Learning and payroll.
  • Automated processes and workflows.
  • Access from any device , PC, Mobile or Tablet.
  • Highly configurable solution to support complex organisations.
  • Legislative updates to ensure compliant solutions.
  • Real-time reporting, standard reports and advanced analytics, management dashboards.
  • UK owned and supported.
  • Advanced customer Portal.
  • Employee and Manager Self Service.


  • Reduce costs and inefficiencies through online workflows.
  • Aid strategic decisions through single of your workforce
  • Reduce HR admin by devolving responsibilities through self service.
  • Improve data accuracy by making employees responsible for their information.
  • Drive organisation performance by standardising talent management processes.
  • Focused recruitment, performance management and succession planning.
  • Outsourcing options to reduce risk and costs.
  • Ensure legislative compliance through regular updates.


£1.35 per person per month

  • Free trial available

Service documents


G-Cloud 11

Service ID

6 1 9 1 6 2 7 1 6 9 7 2 2 8 3



Mary Watkinson

0115 945 6000


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints We have 4 maintenance weekends per year. A calendar is available with details of these dates
System requirements Browser Compatibility

User support

User support
Email or online ticketing support Email or online ticketing
Support response times This is dependant upon the urgency of the query and will be in accordance with our SLA.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Onsite support
Support levels All our customers receive the same service level, our standard support includes: • Service Desk logging, available via the portal or by telephone, the manned service desk available from 09:00 to 17.00 hours (Monday to Friday excluding English Bank Holidays). • Through the dedicated support line customers are able to contact the service desk whereupon each call is given a unique reference number. The call is assigned to the appropriate member of the support team for resolution and is owned and tracked at all times by the service desk. • a Customer Portal where customers can log new calls, track the progress of open calls, browse frequently asked ques-tions (FAQs), view closed calls and receive forward notice of imminent releases. A rolling two week patch and fix schedule is published on the extranet, as is an up-to-date list of all existing patches and fixes. • the customer portal comprises a powerful search facility of existing support materials (e.g. documentation, articles, patches, calls) and is available 24/7. • an account manager who will discuss with you your ongoing support. Regular scheduled meetings with your account manager ensure you are able to obtain the most from your implementation.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started MHR will work with the customer on a comprehensive implementation and training plan. MHR implementation takes a "done with " approach with the MHR consultants working closely with the customers own project team to ensure maximum knowledge transfer during implementation.This in conjunction with classic "train the trainer" classroom sessions make sure the customer is self sufficient after go live.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction There are a number of ways to extract the customer data at the end of the contract which include flat file , CSV or by using a BI tool such as business objects. If the customer wishes MHR to do this we will charge the standard consultancy rates for the number of days effort required.
End-of-contract process At the end of the contract there are no additional fees.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Responsive design detects screen size. This automatically adapts its user interface to best suit the device being used to access.
Service interface Yes
Description of service interface ITrent is truly web based and designed to be accessed over the internet via a web browser for all aspects of the solution.
Connections to iTrent are secured and data encrypted in transit using HTTPS/TLS.
Supported for use on laptops, desktops, thin clients and mobile devices including smartphones and tablets and supported for use on mainstream browsers including IE, Edge, Chrome, Firefox and Safari.
Mobile devices supported include Android and Apple and access using devices native browser.
iTrent has been developed in HTML5 and uses responsive design to automatically adapt the user interface, depending on the device/screen size being used.
Accessibility standards None or don’t know
Description of accessibility As outlined below, MHR’s web recruitment functionality conforms to the Web Content Accessibility Guidelines (WCAG) 2.0 level AA. Web recruitment will conform to WCAG 2.1 later this year. In summary, we are aiming for all functionality accessible to all users to be AA compliant and we are very close to achieving this.
Accessibility testing MHR’s web recruitment functionality conforms to the Web Content Accessibility Guidelines (WCAG) 2.0 level AA. Web recruitment will conform to WCAG 2.1 later this year.
MHR is working towards making the employee and manager self-service accessible with a large number of screens already conforming to the WCAG 2.0 guidelines.
We are working together with the Royal National Institute of Blind People to ensure that our products are accessible. RNIB have already implemented a number of our products and a variety of people with disabilities are using our software.
What users can and can't do using the API ITrent is enhanced with a suite of bi-directional web services allowing import/export to and from external systems.
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation The product is a highly configurable and tailorable solution with a novel approach to customisation that places this flexibility in the hands of the customer. New forms, new fields and user defined drop-down lists may be added by the user at no addi-tional cost. All of this additional information can be accessed for reporting. All the drop down lists may be populated with customer specific data and each customer's business processes may be mapped using the user configurable embedded graph-ical workflow functionality. Appropriate user defined fields are accessible by a pow-erful search facility. Users are also able to add fields to existing screens and forms. Authorised users can create new screens/forms and fields easily and simply by se-lecting parameters from a drop down list. Following user training, users can create any number of user defined fields and screens without the need of assistance from the supplier. System customisation can be performed by any user, subject to their security profiles. Customers have complete control over the user profiles.


Independence of resources The service is not multi-tenanted using virtualisation technologies to provide each customer with a dedicated environment. In order to ensure consistent response times the expected system demands are carefully assessed. Headroom is then factored in to ensure a comfortable quota of resource CPU, memory etc is allocated or procured and ensures that end user response times are not affected by resource intensive processes such as GTN, Costing etc. This is not a one off at system inception rather an ongoing process with regular system monitoring and health checks to continually track performance and response times.


Service usage metrics Yes
Metrics types We can provide availability reports on request, for statistics such as up time in a month.
Reporting types Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Other
Other data at rest protection approach MHR does not encrypt customer information at rest as standard although this can be offered as a separate service if required using Oracle TDE methodology. This will use AES encryption.
MHR also use becrypt disk protect to encrypt all employee disks including laptops and USB drives.
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach All outbound data can be extracted using methods and utilities such as the inbuilt search facility or standard reports. The integrated report writer outputs in PDF, CSV and also in some cases in TXT whilst the search facility outputs to HTML, CSV and directly to Microsoft Word and Excel. Seamless mail merge facilities certify against RTF based mail merge allowing integration to any desktop office application such as Microsoft Office.
Data export formats CSV
Data import formats
  • CSV
  • Other
Other data import formats
  • Flat file
  • XML file

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection between networks Additionally MHR provide an SFTP service for transferring of data between customers and MHR. Data on the SFTP server is encrypted at rest and in transit. TLS for email encryption between domains is an available additional service, which is being adopted widely across our customer base. Alternatively MHR offer a secure mail service whereby notifications are sent to users; users are then required to login to the secure mail service portal to access emails.
Data protection within supplier network Other
Other protection within supplier network The company is fully ISO27001, ISO9001 and HMG backed Cloud Security Principles certified serving as the basis for the company’s business planning arrangements. Policies are in place to protect personal data include • Access Control • Data Protection • Handling Customer Data • Role-based access controls • HMG security cleared with NPPV Level 3 Police approval. • Fully compliant with the DPA 1998 holding data for over 300 organisations. • Registered with the ICO as a data controller. • Access to databases is restricted to security cleared database admins. • Full audit logs at application and database levels are captured.

Availability and resilience

Availability and resilience
Guaranteed availability 99.8% 24/7/365
Please see the SLA in the terms and conditions for more details.
Approach to resilience MHR have in place a Business continuity plan designed to ensure that MHR continues all functions in the event of a disaster. This plan is reviewed twice yearly and is dynamically updated as the organisation changes. MHR has been certified to ISO27001 since 2005 and are currently following the ISO22301 guidelines to en-sure we maintain structured approach to this part of our entire business (not just hosting Service continuity solutions and procedures are in place to ensure that the risk of having to invoke DR is significantly reduced. Both sites have many resilient features, which includes: Three phased power, Monitored UPS System capable of supporting IT infrastructure and essential systems. Diesel generator which kicks in within seconds of the main power failing and taking over from the UPS system. Power is distributed using APC units with dual feeds to each rack. All servers have multiple power supplies and network connectivity. Other resilient features include diversely routed communications links, N+1 air handling units, and 24/7/365 monitoring. All these facilities are supported by a service contract. We also have resilient BACS solutions at both sites and a further CHAPS backup should the primary solution fail.
Outage reporting The service is monitored and managed by a dedicated team of MHR staff utilising software such as SCCM, Spotlight for Oracle, Opnet. Any outages or issues are promptly notified to affected customers by telephone, email and through the service portal. For infrastructure upgrades MHR operate a quarterly maintenance window. This Is scheduled and communicated to customers one year in advance. For up-grades and patches to customer environments, necessary work is communicated to customers with plenty of notice. Customers can then schedule a suitable time for work to be completed by MHR's hosted IT team. A dashboard is also provided to customers including measurements relating to page (i.e. response time) performance and uptime. This provides customers with a set of visual performance indicators in a single view dashboard that provides both real-time and historical information.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Other user authentication Access to iTrent is controlled via user name and password authentication. Alternatively users can authenticate using an external LDAP-based directory, such as OpenLDAP or Active Directory
ITrent can take advantage of Single Sign-On (SSO) via a Security Assertion Mark-up Language (SAML 2.0) protocol to login into iTrent. This allows the user access to iTrent without seeing the traditional logon form containing the user name and password fields.
The SSO configuration can also be modified to integrate with ADFS or Shibboleth.iTrent supports two factor authentication (2FA) for additional security when accessing the system.
Access restrictions in management interfaces and support channels Data and functionality access is assigned according to user definable security profiles. Once the user has successfully logged on with their password authenticated, they will be granted access according to the security profile in which they reside. Access to data may be controlled at functional, screen, and field level. Access to list content can be restricted with access defined as, fully editable, read-only, non-visible.
When accessing support channels, user accounts are created on MHR’s Service cloud portal. These are linked to an email address. Any calls to support are verified on details, such as address, email address, phone number etc.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Lloyds Register LRQA
ISO/IEC 27001 accreditation date 27/09/2016
What the ISO/IEC 27001 doesn’t cover Entire business is covered
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • Cyber Essentials
  • SOC2
  • BACS Approved

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards Cyber Essentials
Information security policies and processes All MHR security policies and processes are aligned to ISO27001:2013

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach MHR operate a change board chaired by IT director, we have a configuration management database, which is SharePoint for HROIT and ManageEngine for Internal IT. This forms part of our ISMS in line with service change control, ISO27001:2013. The customer change control process is built in line with ISO9001:2008 and ISO27001:2013, any changes of customer environments are all performed through a signed off change from both customer and MHR.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Infrastructure within MHR’s datacentres are regularly scanned using QualysGuard. Authenticated scans are performed to identify vulnerabilities. This data is supplemented by threat intelligence form NCSC, CERT and security industry bodies to feed vulnerability/patch management processes. The infrastructure is patched as required. Systems are regularly scanned by our Qualys suite to ensure all devices are at the required patch levels MHR perform an annual CREST penetration test of the software, hosted service and corporate network. Customers work with MHR to perform their own penetration tests as part of the due diligence process. In 2017 there were around 20 penetration tests conducted.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach MHR has its own professional hosted IT team that monitor the service and infrastructure 24/7/365.
Additionally the security system is monitored for exploits and vulnerabilities by our security partner 24x7x365 using a specialist Security Operations Centre. All perimeter devices are monitored real time using a SOC operated by NTT to a service level where all critical events are responded to within 30mins.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach MHR have incident management procedures as part of the ISMS, requiring all staff to log incidents. All incidents are assessed by a security forum attended by MHR's chief security officer who follow incident until resolution. Incidents are reviewed at department and exec level on a monthly basis.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £1.35 per person per month
Discount for educational organisations No
Free trial available Yes
Description of free trial MHR has a full system demo environment available on user request usually for a week at a time.

Service documents

Return to top ↑