A2Z technologies Ltd

Luna HR

Our HR application boasts plentiful features which aim to drive the efficiency of your organisation. Manage onboarding, employee data and files, leave, expenses, performance management, reports and documents that your entire team will enjoy using, and with ease. Optimised and accessible anywhere on all devices and browsers.


  • Easy to use interface, little end user training required
  • Core, Leave, Expense and Performance Management Modules Available
  • Remotely Accessible via Computer, Tablet or Mobile Device
  • Securely Cloud Hosted
  • Only Requires HTTPS access
  • GDPR Compliant
  • Highly Configurable Modules
  • Quick and Easy Onboarding
  • Fully Encrypted and Indexed 'Filing Cabinet' for all HR Documentation


  • Intuitive and Simple to Use
  • Accessible Anywhere from any Device
  • Fully Audited
  • Secure and Safe to Use
  • One Place for Everything HR Related
  • Scaleable and Sustainable
  • 24/7 Support
  • Only Pay for What You Use
  • No Setup Costs


£1.50 to £5 per person per month

Service documents

G-Cloud 10


A2Z technologies Ltd

Mohammed Azir Razzak



Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints Our software has been optimised for the Azure Cloud platform, secure containers for each organisation.
System requirements
  • Browser
  • Anti-virus
  • Secure Internet Connection

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Response times vary depending on how busy the support team is. In general, the average response time is under an hour. However as mentioned, it depends on how busy the support team is and whether it is the weekend or not.

Weekend times will be slower as not all of our support team will be working, however we still offer support on the weekend and queries should be answered on the day of ticket submission.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard WCAG 2.0 AA or EN 301 549 9: Web
Web chat accessibility testing The webchat on our website is a professionally developed premium plugin that adheres to EN 301 549 9 and GDPR regulations in accordance to our Privacy Policy. Similar accessibility testing was carried out to that of the actual software accessibility testing. This testing was carried out by the same personel.
Onsite support Yes, at extra cost
Support levels Currently our support is universal across the product. Our standard support plan which comes with the licence, includes unlimited web chat, phone support, tickets and email support. If a client needs in house support or premium support this can be arranged at an additional cost.

The support team composes different levels. The 1st tier is where initial customer queries will be handled. These are handled by a support team who also perform remote support for clients. All staff are inhouse and completely familiar with LunaHR which they have been involved and assessed with the development of the application and know the functionality inside and out.

In the event of a problem the issue will be escalated to second tier support, i.e. those with a more technical background in the software and hosting environment.

In the event of a functional issues, this will be raised with our development team.
Typically, when a customer support query comes in, the tier 1 will know whether they can solve it straight away, if not they will escalate to the correct team.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started For the service setup, the administrator must complete a step by step setup of the system. Once the basics have been setup, the administrator is given more instructions and to do lists, to customise the system to how they need it. After customisation, company and user data can easily be imported, assistance from our support team is available.

For users, upon starting the service, instructions are available on each page describing the functionality. Not to mention this system was built to be intuitive and simple to use.

In addition to all of this, we have user documentation in the form of videos, flow charts and a comprehensive knowledge base. Moreover, and especially for setup, our support team will be on hand to assist where required.

Onsite and remote training can be requested.
Service documentation Yes
Documentation formats
  • HTML
  • ODF
  • PDF
  • Other
Other documentation formats
  • Video (MP4)
  • Paper format (can be requested)
End-of-contract data extraction Data can be extracted by exporting into a CSV file. However, users should contact the support team who would be happy to help with data extraction upon contract termination.
End-of-contract process Upon contract termination data will be exported to the client upon request. There are no additional or hidden costs at the end of the contract.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The application was made to be responsive and suitable for all devices by utilising the dynamic framework bootstrap along with custom CSS. The functionality and features is completely the same regardless of the device being used.
Accessibility standards None or don’t know
Description of accessibility Can:
Text alternatives for non-text content (controls, time based media, test, sensory, decoration, formatting, invisible)
All functionality can be used by keyboard
No 'flashes' are used
Pages Titled
Navigation sequential
Link Purpose
Multiple Ways
Headings and Lables (using appropriate H1,H2,H3,H4 tags)
Language of Page / Parts
On focus / input
Consistent navigation / identification
Error identification
Lables and Insutructions
Error Suggestion
Error prevention (data, legal, financial)
Conformance requirements
Document success criteria

LunaHR has yet to use or implement videos / audio and therefore no accessibility for this
Text can't be resized (but added to roadmap)
Accessibility testing LunaHR was developed from scratch with an emphasis on accessibility in accordance to W3C. Subsequently, testing with users of assistive technology was carried out.

User stories were executed as we didn't have access to people with accessibility issues. Tests were replicated based on accessibility issues and the supporting resources were used to carry out the tests.

For eye sight difficulties magnifier was used to see how it would interact with LunaHR. Zooming in and out was used to test all the functionality on the product.

Screen readers and also analysing the code in the backend to make sure the screen readers work as intended was used.

Help textthroughout the software solution was analysed and each input, non-text, controls, sensory and so on had the required alt text and titles.

Navigation was checked throughout to make sure it still works in various scenarios and that is functional when supportive resources are used. Likewise, navigation was checked to be sequential and getting to certain pages could be done in more than one way.

Validation, error prevention / identification has been implemented throughout LunaHR. This has been checked throughout and improved where it was unclear during testing.

Other tests relating to W3C done
What users can and can't do using the API Full RESTful API.
API documentation Yes
API documentation formats Open API (also known as Swagger)
API sandbox or test environment Yes
Customisation available Yes
Description of customisation LunaHR is flexible. The frontend has many options for configuration, but if needed support can help and more advanced customisation can be carried out.

What can be customised?

Work patterns, user profiles, permissions, departments, expense categories, mileage, leave years, public holidays, languages, organisational units, roles of departments, notification settings, message settings, company settings, leave settings, expense settings, individual user settings, attendance settings, workflows and so on.

How users can customise?
This can all be done in the front end. Options were designed to be simple and straight forward. For example, a user can add a custom avatar for their profile picture and change their personal details by just going into their user profile on their account. They may also add documentation, assets, emergency contacts and so on.

Who can customise?
This depends on the roles of the person using the application, it should be noted roles can be edited also. In general, the admin (more than one can be created) has all options. Lesser roles such as an expense approver do not have the same options. Specialised roles such as HR can edit user profiles and maintain HR records about employees.


Independence of resources First of all it should be acknowledged that LunaHR keeps analytics of how the server(s) are performing and the cloud infrastructure team will be alerted if performance becomes an issue.

Secondly, various measures have been put into place to prevent this from happening. For example, our servers utilise load balancing and capacity thresholds to address demand and have failover plans to prevent downtime.


Service usage metrics Yes
Metrics types Available to our users at a management and supervisor level are the reports which can be ran within the application to monitor leave, sickness, expenses, etc.

System up time and resource performance can be provided on a monthly basis where requested.

Additional reporting can be created upon request and tailored to the clients requirements.
Reporting types Regular reports


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Users can either request for their data to be exported in the file extension of their choosing or for certain data can do it themselves. For example report making can be done within the interface of LunaHR.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • PDF
  • Excel
  • Word
  • SQL
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection between networks Secured containers and secured networks.
Data protection within supplier network Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability LunaHR has the following SLA for availability. Service to LunaHR is 24/7 with an uptime of 99.9%. Scheduled downtime is allowed however the users will need to be informed beforehand.

If we had extended downtime (multiple hours in a day, or multiple days in a month) or you emailed customer service and it took multiple days to get back to you, we would issue a partial credit to the clients account.
Approach to resilience Available on request
Outage reporting Outages will be reported through various means. Frequent updates will be posted via social media (twitter and facebook), email and through a public dashboard. There is also an auditing feature within LunaHR which can be accessed by users. Moreover, we will also update our LunaHR website with a notice of the outage.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Other user authentication The users will also need to know their tenancy name - their username and password isn't enough authentication for login on the default login page. In other words, username, password and tenancy are all required together.
Companies are able to choose a personalised and unique subdomain for their tenancy for example domain.mysite.com where the tenancy name is not required.
Access restrictions in management interfaces and support channels Access is restricted based on user roles and permissions that are defined at administrator level.
Standard roles and permissions exist in the system, custom roles can be created and any field and function can be allowed or restricted by using the advanced permissions section.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Security Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards Other
Other security governance standards A2Z Technology has recently completed the Cyber Essentials Security accreditation which includes Governance and Security and part of the accreditation.
Information security policies and processes A2Z technology has in house documentation which was created to meet our business requirements and Cyber Essentials Security, including encrypted hard drives, mobile device management and bio-metric where available. All data is encrypted at rest and during transportation, whether SFTP, HTTPS or Encrypted files with separate encryption key.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach A2Z follows a Development, Test and Live control versioning which allows us to test for security vulnerabilities and issues before implementing into the live version.
Before deploying into test environment the changes are reviewed by a CRB (Change Review Board) and then a security check is completed before testing has completed to ensure the product still meets security requirements before deploying into live.
All results from test are highlighted to the CRB and confirmed before release into the live environment.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Potential threats are reviewed by the technical and development team with a risk category of 1-4.
4=Info, 3=Low, 2=Medium, 1=High
High risk patches are deployed ASAP with a target of <24hrs
Medium risk patches are deployed within 5 working days
Info and Low risks are deployed within next quarterly updates
Azure services provide an environment with rolling security updates.
We have monitoring services within Azure to alerts of issues and potential risk, investigation of user issues, access control review (location based), and research with cyber security forums and news sites to remain up to date with the latest vulnerabilities.
Protective monitoring type Supplier-defined controls
Protective monitoring approach A2Z run regular checks on their environment looking for vulnerabilities, teamed with their research on the latest threats we perform a proactive analysis of the environment a monthly bases.
Isolation of any potential compromise to ensure that the incident or breach is unable to be exploited further, this could include taking sections or applications offline if a major breach is detected.
When the incident has been detected within, 24hrs both technical and development teams work to Isolate, Prevent and Resolve.
Investigation of the breach to be completed ASAP within 5 working days.
Incident management type Supplier-defined controls
Incident management approach Incidents are raised with a teir 1 team who will complete initial investigation and troubleshooting. If they are unable to resolve this issue they will then escalate to the correct team for development or systems changes need to be modified.
Users can report incidents via email, web chat or telephone.
All incidents are logged within a service desk application and a report can be produced upon request.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £1.50 to £5 per person per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial The trial version of Luna HR is available to anyone who signs up with a valid email address. This includes all the functionality and support you would get in the full-paid version. The trial lasts 1 month but can be extended to 3 months upon request.
Link to free trial https://lunahr.co.uk/


Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑