PASS funding management suite (PASS FMS)

Web-based funding management software – from application to accounting

Next generation grants management

System for legally compliant administration of application, processing, payment and reporting of subsidies

Flexibility as a design principle

The Funding Line Builder (PASS FLB)

Setting up a new grants-scheme requires extensive coordination processes as well as detailed, careful and legally secure elaboration. The result of this work must nowadays be available digitally, as quickly as possible and without loss of quality. Our Funding Line Builder enables exactly that: The mapping of funding measures in the IT environment – fast, efficient and fully functional.

In doing so, PASS FLB relies on the latest technological standards: Based on our more than 15 years of experience in the implementation of different grant-schemes in IT environments, we have identified recurring processes that are necessary in doing so. The respective core of an elementary process was worked out from the different characteristics and mapped in the Funding Line Builder so that it can be combined to form an overall system. This ensures that all grants-schemes are mapped completely and correctly. From our elementary processes, we compile all processes that correspond to specific requirements – regardless of whether they involve procedures under grant law, especially project funding, or loans, guarantees and equity investments.

Compared to platforms with a so called “low-code” approach, which quickly reaches its limits for complex and data-heavy applications, there are no restrictions with our solution.

Funding scheme of the grant management system

The grant management system is able to map different forms of funding in the common funding approaches.

Highlights

E-Government

E-Government

Meet all requirements for digital application, processing and management of the grant.

OZG

OZG

Consideration of the requirements of the german Online Access Act (OZG) to administrative services. In addition to current design principles in this environment, the grant management system achieves OZG maturity level 3 in the relevant functions.

Reporting

Reporting

Reports for effective controlling of funding activities, including application data, payment flows, payment statuses and audits.

Digital signature

Digital signature

Depending on the legal basis of a grant, different ID cards or fully electronic solutions can be used to replace the written form requirement. Use of advanced digital signatures for communication to beneficiaries. PASS FMS is eIDAS-compliant.

Plausibility check

Plausibility check

Automated plausibility checks for legally compliant processing of your grants. Definition of even complicated rules with our rules engine.

Sequence of a funding process

The grant management system maps the process steps shown:

Screenshots of our grant management system

Audit and cyber security

In addition to historization and versioning, the grant management system guarantees change tracking within the software as well as user management down to the level of individual data fields. This means that all activities relating to the data can be tracked.

Since the grant management system has its roots in the European Social Fund (ESF), the issue of data protection was taken into account from the very beginning of development in order to be allowed to store the sensitive, personal data of participants in accordance with German data protection requirements. The requirements of the DSGVO, e.g. detailed deletion concepts, are mapped. Of course your grants management system can be adjusted according to the rules in your country.

We are compliant with ISO/IEC 27001 and the security concepts in development and hosting/operation are based on the following standards and specifications, among others:

  • German BSI Standard 200-1 (Information Security Management Systems - ISMS),
  • German BSI standard 200-2 (basic IT protection procedure),
  • ISO/IEC 27005 (Information technology - IT security procedures - Information security risk management),
  • German BSI Standard 200-3 (risk analysis based on german “IT-Grundschutz”) and
  • German BSI Standard 200-4 (Emergency Management).

The safety level is based on the standards

  • German BSI standard "Guideline for the development of secure web applications - recommendations and requirements for contractors",
  • German BSI 2013, ÖNORM A 7700 (Security requirements for web applications),
  • OWASP Application Verification Standard (ASVS),
  • OWASP Development Guide,
  • OWASP Testing Guide and
  • OWASP TOP 10 (checklist of the 10 biggest threats to web applications and measures against them).

Operation in our own data center

We provide the entire infrastructure of its own Tier 3.5 data centers to operate the grant management system.

Data Center Services:

  • Monitoring by means of suitable monitoring systems
  • Data backup measures
  • Troubleshooting
  • Health check measures
  • Import of security updates
  • Identification and classification of faults
  • IMAC for operating components in the data center

Compliance with the following regulations/standards:

  • Hosting in compliance with ISO/IEC 27001:2013
  • Implementation of technical and organizational measures according to Art. 32 DSGVO
  • EN ISO 9000 ff - Usage of an own quality management system (QMS), which at least complies with ISO 9000
  • CMMI-SVC - The QMS of PASS in combination with the alignment to ITIL fulfills these requirements
  • Alignment according to ITIL
  • Support of the IDW PS 951 standard at the data center level

IT Service Management:

  • Implementation of optimization measures
  • IT Emergency Management
  • Acceptance tests and release for production
  • Reporting
  • User management
  • Compliance Controlling
  • Documentation

Stephan Göttlicher

PASS Consulting Group

+49 60 21 . 38 81 75 29