Security and Trust at the Core of AIMS Grant Management
As more organisations turn to digital solutions for managing their funding programmes, confidence in cloud-based systems’ security, reliability, and regulatory compliance has never been more important. At AIMS Software Limited, we understand that trust isn’t earned through promises but through proven practice.
That’s why we’ve built security and risk management into the DNA of our grant management software. From hosting architecture to access controls and compliance frameworks, every element of AIMS is designed to protect your data, meet your governance obligations, and adapt to the evolving threat landscape.
Certified to Internationally Recognised Standards
We’re proud to hold two key security certifications.
- ISO/IEC 27001:2022 – the leading global standard for information security management systems (ISMS), covering not just technology, but also people, processes, and governance.
- Cyber Essentials Plus – an independently audited UK government-backed certification that verifies robust technical controls are in place, including firewalls, patching, secure configurations, and user access controls.
Together, these certifications demonstrate a mature and continuously managed approach to securing sensitive data, whether held on behalf of funders, applicants, or reviewers.

Designed with European Compliance in Mind
AIMS is used by clients across Europe. Our security model is fully aligned with European public sector expectations. Here’s how our certifications and controls map to key frameworks:
| European Requirement | AIMS Alignment |
| --- | --- |
| GDPR Article 32 – Security of Processing | ISO 27001 provides robust frameworks for data confidentiality, integrity, and availability. |
| NIS2 Directive (EU cybersecurity directive) | ISO 27001’s focus on risk management, incident response and supplier assurance aligns directly with NIS2 requirements for essential and important entities. |
| National schemes such as Spain’s ENS, Germany’s BSI IT-Grundschutz | ISO 27001 is formally recognised or accepted as a baseline by many national security schemes. |
| Public cloud assurance (e.g., France’s SecNumCloud) | While not directly certified under these national schemes, AIMS’ infrastructure design and practices meet many of the core expectations of secure cloud hosting. |
Robust Hosting, Access Control, and Monitoring
Our hosting is delivered on Oracle Cloud Infrastructure’s Gen2 platform in European data centres. AIMS Software retains full control of all firewalls, application servers, databases, and user access.
Key features include:
- Multi-Factor Authentication (MFA) on all access points
- Client-dedicated environments – no shared databases or platforms
- Encryption of data at rest and in transit
- Independent annual penetration testing and regular internal vulnerability scans
- Auditable role-based access controls with segregation of duties
- Proactive patching and key management in line with ISO controls
We do not rely on third-party single sign-on (SSO) or autonomous platform services that could introduce additional risk. Instead, our configuration prioritises transparency and control, with all components monitored by our internal security and infrastructure teams.
Built for Resilience and Scalability
Security is not a static goal—it’s a continual process of adaptation, learning, and improvement. Our ISO 27001 certification is not just a badge; it’s a commitment to:
- Regular security reviews and internal audits
- Documented incident response and disaster recovery plans
- Formal risk assessments and mitigation strategies
- Third-party supplier vetting and monitoring
- Ongoing training for staff and administrators
Whether you’re managing a small grant scheme or a national funding programme, you can be confident that AIMS offers not just the flexibility you need, but the protection you require.
Trust, Transparency, and Confidence
We believe in open, collaborative relationships with our clients. That means full visibility into how your system is hosted, how data is protected, and how risks are managed, backed by independently audited standards.
If you’d like to learn more about how AIMS’ security framework maps to your internal requirements or national standards, we’re happy to provide further documentation or walk you through our controls in detail.
In a world of increasing cyber threats and compliance complexity, AIMS gives you the confidence to focus on what matters: delivering funding where it’s needed most.