Digitizing HR operations for one of Kenya's largest security firms — from paper filing cabinets to a secure, centralized digital platform serving 8,000+ personnel.
GardaWorld Security Kenya — formerly KK Security — operates a nationwide network of branches in Nairobi, Mombasa, Kisumu, Eldoret and Nakuru, employing over 8,000 security professionals across manned guarding, electronic surveillance and facilities management. Every employee record — qualifications, licences, deployment history, training completions — was stored in physical paper folders inside filing cabinets.
Field research with the HR department confirmed the cost: retrieving a single file took 5 to 15 minutes or longer, with every surveyed respondent reporting slow retrieval and half reporting physical file damage. Records were misfiled, duplicated, or lost. Sharing information between branches required physically moving folders or making photocopies — and with no access controls or audit trail, anyone with physical access to a cabinet could read or modify sensitive employee data.
As the workforce grew, these inefficiencies compounded. The HR department was spending the majority of its time on administrative search tasks instead of strategic workforce planning.
I designed and am developing a custom Human Resource Management System tailored specifically to GardaWorld's operational structure — not a generic off-the-shelf tool, but a platform built around how a security company actually works: guard deployment histories, licence renewals and security clearance documentation.
The system is built on a three-tier client–server architecture: a React Native frontend serving both the web management portal and mobile devices from a single codebase, a Laravel 11 REST API enforcing the business logic, a MySQL 8.0 relational database, and Backblaze B2 cloud storage for secure document handling. Role-based access control ensures HR officers, supervisors, employees and administrators each see only what they are permitted to access.
The platform is organised into six employee-centred modules:
Across every module, the system maintains tamper-evident audit logs of every record creation, modification and deletion, tracks deployment history per branch, and sends automated alerts before security licences or training certificates expire.
Employee records in a security firm are extremely sensitive — national IDs, clearance letters, disciplinary files, and salary information. My background in networking and cybersecurity directly informed how this system was designed.
Every API endpoint is authenticated via Laravel Sanctum token-based sessions. Passwords are hashed with Bcrypt and all transfers occur over HTTPS. Documents are stored in private Backblaze B2 buckets accessed through S3-compatible APIs, never on the application server. Input validation guards against SQL injection and XSS, database access is role-scoped so no single user has unrestricted access to the full dataset, and the automated audit log records who touched what, and when.
Employee records, payroll and recruitment data are operationally critical — a direct cut-over would put HR service delivery at risk if the new system encountered defects in production. The deployment plan instead runs the paper system and the HRMS side by side until the digital records prove themselves.
Prototype builds of the GardaWorld HRMS client are available below for evaluation. Each release is built from the same React Native codebase and connects to the Laravel API. The installation guide walks through setup, first login and role configuration — recommended for first-time evaluators, but optional.