Cross-Cutting Concerns
🔐 Role-Based Access Control (RBAC)
📋 Qatar Labour Law Compliance
🛡 Data Encryption (AES-256 at rest & in transit)
📝 Immutable Audit Logs
🔔 Multi-Channel Notifications
📊 Reporting Engine (150+ reports)
🌐 Multi-Language & Multi-Currency
♿ Accessibility (WCAG 2.1)
L1
Guiding Principles
— Strategic drivers shaping every design decision in KafaaOne
Operational Intelligence
Real-time visibility into every guard, site, and operation across all client accounts
Qatar-First Compliance
WPS, Qatar Labour Law, EOSB, and MOL regulations baked into every workflow
Mobile-First Architecture
Guards, supervisors, and managers operate entirely from mobile devices in the field
Unified Data Model
One platform, zero silos — payroll, operations, HR and finance share a single source of truth
Enterprise Scalability
Designed to scale from 50 to 50,000+ employees across multiple companies and geographies
L2
Business Architecture
— Operational context, workforce value chain & business processes
Business Context
Security & Manpower Industry
Facility Management
Qatar & GCC Operations
Multi-Client / Multi-Site
Distributed Workforce
24/7 Operations Model
Business Strategies
Workforce Cost Optimisation
Compliance-First Operations
Client Retention via SLA
Digital Transformation
Workforce Operations Value Chain
Recruit
Source → Screen → Hire
Deploy
Roster → Assign → Guard
Operate
Patrol → Attend → Inspect
Compensate
Calculate → WPS → Pay
Optimise
Analyse → Forecast → Improve
Core Business Processes
Guard Lifecycle Management
Client Contract Management
Site Operations & Deployment
Payroll & WPS Compliance
Incident & Risk Governance
Financial Planning & Reporting
Training & Certification Mgmt
Vendor & Procurement Ops
Governance Structure
Executive Command Dashboard
Operations Management
HR & Payroll Administration
Finance & Audit Control
Client Account Management
Compliance Frameworks
Qatar Labour Law
WPS / SIF (MOL)
EOSB Regulations
Data Protection (PDPL)
L3
Application Architecture — KafaaOne Module Domains
— All apps, modules and their capabilities
Operations
8 Apps
Projects & Sites Core
Client project creation & configuration
Site/location setup with GPS coordinates
Post & position definition per site
SLA configuration per client
Project profitability tracking
Contract renewal reminders
Smart Rostering AI
AI-assisted roster generation
Shift template library & drag-drop editor
Auto conflict detection (double booking)
Day-off & overtime eligibility rules
Relief guard pool management
Multi-week roster planning & approval
Deployment Planning Core
Guard-to-site assignment engine
Minimum manning threshold alerts
Relief auto-suggestion on absence
Skill & certification matching
Shift handover management
Deployment change audit log
Patrol Monitoring Live
NFC & QR checkpoint scanning
GPS live guard tracking on map
Patrol route definition & scheduling
Missed checkpoint escalation alerts
Geo-tagged checkpoint management
Patrol performance reports by guard
Incident Management Governance
Digital incident report with photo/video
Severity classification & multi-level escalation
Root cause & corrective action tracking
SLA breach monitoring & alerts
Client-visible incident reports
Site Inspections Audit
Configurable digital checklists
Photo evidence per checklist item
Pass/fail scoring & non-conformance tracking
Scheduled & ad-hoc inspections
Client inspection report sharing
Client CRM CRM
Client account & contact management
SLA definition & monitoring
Service agreement & contract lifecycle
Client portal access provisioning
Contract renewal workflow
Ops Live Dashboard Live
Real-time guard deployment map
Live attendance rate & exception alerts
Active patrol status per site
Open incident counter
Multi-site consolidated view
HR & Workforce
8 Apps
Recruitment Hire
Job requisition & approval workflow
Applicant tracking system (ATS)
CV upload, screening & interview scheduling
Offer letter generation
Background check & visa pre-screening
Onboarding & Docs Onboard
Digital onboarding checklist
Contract generation & e-signing
Visa, QID & passport expiry tracking
Medical fitness & work permit tracking
Document vault & completeness score
Attendance Management Daily
Geo-fenced mobile check-in/out
QR code attendance at site
Selfie verification (anti-spoofing)
Biometric device sync (ZKTeco, Suprema)
Late & absent alert engine
Timesheet auto-generation
Leave Management HR
Leave policy engine (annual, sick, emergency)
Online leave request & approval workflow
Leave balance tracking & accrual
Leave encashment calculation
Public holiday & leave calendar
Performance Management HR
KPI definition per role & guard scorecard
Patrol compliance rate as KPI
Disciplinary record & warning workflow
Quarterly review cycles
Performance improvement plans
Employee Self-Service ESS
Payslip download & salary history
Leave request submission & status
Own roster & attendance view
Document upload & request centre
Clearance & resignation initiation
Offboarding & EOSB Exit
Resignation submission & approval
Clearance checklist (assets, access, accommodation)
EOSB auto-calculation (Qatar Labour Law)
Visa cancellation tracking
Experience certificate generation
Training & Certifications Compliance
Training course catalogue & assignment
Certification expiry alerts
License & permit management
Mandatory training compliance reports
On-the-job assessment records
Payroll & WPS
5 Apps
Payroll Engine Core
Basic salary structure per employee
Multiple overtime policy support
Day-off premium calculations
Allowance automation (transport, housing, food)
Deductions management (loans, penalties)
Advance salary management
Multi-project payroll splitting
Variable pay components
Bulk payroll processing & preview
Final payroll lock & archive
WPS / SIF Generation Qatar Law
One-click SIF file generation (MOL format)
Qatar WPS v1 & v2 compliance
Bank-wise payment grouping
Salary payment status tracking
Multi-bank support
Failed payment handling & retry
WPS submission history
EOSB Calculator Qatar Law
Qatar Labour Law Art. 54 formula
Service duration & pro-ration logic
Unpaid leave deduction handling
EOSB projection for active employees
EOSB liability report for finance
Advance EOSB provision tracking
Payroll Audit Trail Audit
Immutable calculation history per employee
Month-on-month variance analysis
Who-changed-what log
Locked payroll period protection
Auditor read-only access role
Timesheet Engine Core
Auto-timesheet from roster & attendance
Timesheet approval workflow
Overtime hours classification
Manual timesheet adjustments (with log)
Client-billable hours extraction
Finance & BI
5 Apps
Financial Reports Finance
Profitability by project & client
Payroll cost & overtime spend analysis
Revenue vs cost per site
Labour cost as % of revenue
EOSB liability balance sheet entry
Year-over-year workforce cost trends
Cost centre reporting
Export to Excel / PDF
Executive Dashboard BI
Real-time KPI summary cards
Operational health score
Payroll leakage detection alerts
Workforce utilisation rate
Site-wise profitability heatmap
AI anomaly alerts (unusual patterns)
Natural language queries (roadmap)
Client Billing Finance
Invoice generation per project/period
Billing by shift type & overtime rates
Client rate card configuration
VAT & tax support (Qatar)
Payment tracking & AR aging
Credit note & billing dispute workflow
Budgets & Forecasts BI
Annual headcount budget by project
Overtime cost budget vs actual
Labour cost forecast by month
EOSB provision forecasting
Scenario planning for new sites
Budget approval workflow
Procurement Finance Finance
Purchase order approval & spend control
3-way invoice matching
Spend analytics by category
Budget control per department
Vendor payment scheduling
Admin & Support
6 Apps
Procurement Admin
Purchase requisition & multi-level approval
Vendor catalogue & price lists
Purchase order generation
Goods receipt confirmation
Vendor performance scoring
Accommodation Admin
Camp/building/room inventory
Guard-to-room assignment
Occupancy rate & vacancy management
Utility cost allocation per room
Accommodation deduction to payroll
Fleet Management Admin
Vehicle registration & driver assignment
Mileage & fuel tracking
Scheduled maintenance alerts
Insurance & license expiry alerts
Fleet cost analysis
Uniform & Assets Admin
Uniform issuance by size & type
Return & replacement tracking
Laundry cycle management
Asset assignment & condition tracking
Asset return enforcement on offboarding
Inventory Control Admin
Stock item catalogue & bin management
Minimum stock level & reorder alerts
Stock transfer between locations
Inventory valuation (FIFO/AVCO)
Stocktake & reconciliation
Vendor Management Admin
Vendor registration, vetting & KYC
Preferred vendor list & contract terms
Vendor scorecard & performance tracking
Multi-currency vendor support
Vendor self-service portal (roadmap)
Mobile & Field Apps
4 Apps
Guard Mobile App Field
Geo-fenced check-in/out with selfie
NFC/QR patrol checkpoint scanning
Incident reporting with photo/video
Shift schedule & roster view
Leave request submission
Payslip access & ESS features
SOS / panic button for emergencies
Offline mode with auto-sync
Supervisor App Field
Live roster & deployment view
Attendance exception alerts
Patrol status per guard on map
Approve/reject leave & attendance edits
One-tap incident escalation
Shift handover confirmation
Client Portal Portal
Guard deployment visibility by site
Live incident notifications & SLA status
Inspection report downloads
Invoice & payment history
Monthly performance summary
Service request submission
Offline Mode & Sync Resilience
Local SQLite sync queue on device
NFC/QR patrol works without connectivity
Attendance capture queued offline
Conflict resolution on sync restore
Offline data encryption at rest
Integration & Platform
5 Apps
REST API Gateway Platform
RESTful API for all core modules
OAuth 2.0 / JWT authentication
Webhook event subscriptions
API key management & rate limiting
OpenAPI 3.0 documentation
Sandbox environment for testing
NFC / QR / GPS Engine IoT
NFC tag programming & reader support
QR code generation per checkpoint
GPS coordinates capture at scan
Tag tamper detection
Geofence boundary management
Biometric Integration IoT
ZKTeco, Suprema & HID device support
Fingerprint & face recognition sync
Real-time attendance push from device
Device online/offline status monitoring
Fallback to mobile on device offline
Notifications Engine Platform
Push, SMS, Email & WhatsApp Business
Configurable triggers per module
L1 → L2 → L3 escalation chains
Alert deduplication & frequency control
Emergency broadcast mode
Reporting Engine Platform
150+ pre-built standard reports
Custom report builder (drag & drop)
Scheduled delivery by email
Export to Excel, PDF, CSV
Data warehouse sync (BI tools)
Security & Access
3 Apps
RBAC & Identity Security
Role definition & permission matrix
User provisioning & deactivation
Single Sign-On (SSO / SAML / OIDC)
Two-factor authentication (2FA)
Session management & IP whitelist
Field-level data masking (e.g. salary)
Audit & Compliance Log Governance
Immutable log of all user actions
Data change history per record
Compliance report generation
GDPR & PDPL data residency tools
Auditor read-only access portal
Multi-Tenancy Engine Platform
Company-level data isolation
Shared infrastructure, partitioned data
Per-tenant configuration overrides
Tenant onboarding & provisioning
Cross-tenant admin console
L4
Integration & Service Bus
— Cross-module data flow, event bus, third-party connectors & APIs
⚡ Event Bus
Real-time module event streaming
Attendance → Payroll triggers
Incident → Notification pipeline
Roster → Deployment sync
🏦 WPS / Bank APIs
Qatar Central Bank WPS gateway
Multi-bank SIF submission
Payment confirmation webhook
Failed payment retry logic
📡 IoT / Hardware
NFC reader SDK integration
Biometric device API polling
GPS telemetry ingestion
QR scanner bridge
📲 Communication APIs
WhatsApp Business API
Twilio SMS gateway
Firebase push notifications
SMTP email service
🗂 Data Warehouse
OLAP cube for BI dashboards
ETL pipeline (nightly sync)
Power BI / Tableau connectors
Historical data archiving
🔌 Third-Party ERP
SAP / Oracle HR data sync
QuickBooks / Xero finance export
Legacy system migration tools
Custom connector framework
L5
Infrastructure & Technology Stack
— Cloud platform, data, security, mobile & network foundation
Cloud Platform
AWS / Azure multi-region hosting
Auto-scaling compute clusters
99.9% SLA uptime guarantee
CDN for static assets & media
Disaster recovery & failover
GCC data residency compliance
Data Platform
PostgreSQL primary RDBMS
Redis caching & session store
Elasticsearch for full-text search
S3-compatible media & doc storage
Automated daily backups
Point-in-time recovery (PITR)
Mobile Platform
React Native (iOS & Android)
Offline-first SQLite sync engine
NFC & QR SDK integration
Push notification via FCM / APNs
Biometric auth on device
OTA update delivery
Security Stack
AES-256 encryption at rest
TLS 1.3 for all data in transit
WAF & DDoS protection
Penetration testing (quarterly)
SOC 2 Type II compliance path
Secrets management (Vault)
Network & DevOps
Kubernetes container orchestration
CI/CD pipeline (GitHub Actions)
Zero-downtime blue/green deployments
Centralized logging (ELK stack)
APM & uptime monitoring
VPN & private network isolation