Enthusiasm about the possibility of obtaining up to PLN 850,000 for digital transformation is enormous. However, the road from the “we apply!” decision to the moment when the funds actually appear in the local government’s account leads through a complicated and exacting formal process. An application for public funding is not a loose request, but a detailed, formalized business plan in which every comma and attachment matters.
For many Local Government Units that do not have dedicated fundraising units on a daily basis, the process can seem overwhelming. The fear of making a formal error that will disqualify the entire effort is real and justified. Small stumbles can derail great opportunities.
The good news is that with proper preparation and a methodical approach, the process can be greatly simplified and the risk of failure minimized. The purpose of this article is to provide you with a practical guide to the key steps and most common pitfalls in the application process. This is our attempt to “disenchant” the bureaucracy and show that the preparation of an effective application is within the reach of any municipality, even the smallest.
Shortcuts
- You have decided on a grant. Why now begins the most important stage - fighting the bureaucracy?
- What is a grant application and why is it the formal business plan for your project?
You have decided on a grant. Why now begins the most important stage - fighting the bureaucracy?
A strategic decision is one thing, but its execution is another. In the world of public funds, precision and compliance with procedures are absolutely key. The Managing Authority, the Center for Digital Poland Projects, operates under strict guidelines and regulations. There is no room for discretion, interpretations or verbal agreements. All that matters is what has been correctly and completely submitted to the system.
This is why the proposal preparation stage is so critical. It is a formal exam that tests not only the merits of your project, but also your diligence, reliability and organizational skills. Even the best idea for strengthening cyber security will be lost if the proposal contains formal errors.
However, this “fight against bureaucracy” should not frighten. It should be treated as part of a high-stakes game. Understanding its rules and meticulous preparation is the best investment in the success of the whole enterprise.
📚 Read the complete guide: Backup: Zasada 3-2-1 i najlepsze praktyki backupu
What is a grant application and why is it the formal business plan for your project?
The grant application should be treated like a formal business plan that we present to the investor (in this case, the Managing Authority). It must answer several fundamental questions in a coherent, logical and data-driven manner:
-
What is the problem? (Why do we need this money? What is our current state of security?)
-
What is the solution? (What exactly are we going to do? What technologies will we implement, what processes will we improve?)
-
How much will it cost? (What is a detailed and realistic project budget?)
-
What will be the results? (What specific, measurable benefits will this investment bring?)
Each section of the proposal serves to answer one of these questions. Taken as a whole, it must form a coherent narrative that will convince evaluators that entrusting public funds to you is the right decision, a legitimate one, and one that will have the desired effect of really strengthening cybersecurity.
Step 1: Where to find all the necessary documents and how to navigate the official program portal?
The first, absolutely basic step is to thoroughly familiarize yourself with the official competition documentation. All the necessary files - the rules of the competition, the template of the grant application, the catalog of eligible costs - are available on the official website of the “Cyber Secure Local Government” program and on the portal run by the Center for Digital Poland Projects.
You should download and carefully, several times read each of these documents. They are the source of law and the final oracle in case of any doubts. Particular attention should be paid to deadlines, evaluation criteria and detailed instructions for filling in the various fields of the application.
The application itself is submitted only electronically, through a dedicated computer system. It is worthwhile to get acquainted with this system at an early stage, create an account and “click through” its functionalities to avoid technical problems and unnecessary stress on the day of the final application.
Step 2: What role does the security audit report play in justifying the expenditure?
The section of the application, where we justify the need for the project and the planned expenses, is the heart of the project. This is where we need to convince the committee that our plan is based on a real diagnosis, not a wish list. And this is where the cyber security audit report enters the scene.
This is the most important appendix and the most powerful substantive argument in the entire proposal. By referring to specific audit findings, we can objectively and irrefutably justify any planned expenditure.
Instead of writing generally “We want to buy a firewall,” we write: “As the audit showed in 3.4, our network is flat and lacks segmentation, which creates a critical X risk. In response to this identified risk, we are planning to purchase and implement industrial firewalls for zone separation, as recommended by R12 in the report.” Such reasoning is precise, professional and extremely convincing.
Step 3: How to create an accurate and realistic cost estimate that will be accepted by the commission?
The project budget must be detailed, realistic and 100% in accordance with the catalog of eligible costs. Each item in the cost estimate must be justified and supported by a proper calculation. The best practice is to base the cost estimate on realistic bids or estimates collected from potential suppliers.
When creating a budget, it is important to keep all elements in mind. The cost of implementing a SIEM system is not only the software license, but also the cost of servers, implementation services, integration and training for administrators. A professional audit, conducted at the outset, should provide not only technical recommendations, but also budget estimates, which greatly facilitates the process.
It is also important that the budget be realistic. Prices that are too low, out-of-market, may raise suspicions about the accuracy of the calculations. Too high may be questioned by the commission as an attempt to inflate costs. This is why relying on realistic, collected bids is so important.
What are the most common formal errors that can cause your application to be rejected at the start?
The application evaluation path is a two-stage process. First, it undergoes formal evaluation. Only after it passes it, it goes to substantive evaluation. Unfortunately, many good projects drop out already at this first stage due to simple, trivial errors.
The most common formal errors include late submission of the application, lack of required electronic signatures, incompleteness of attachments, errors in the applicant’s identification data or submission of the application by an unauthorized person. These are errors that usually result from haste and lack of diligence.
To avoid them, create an internal checklist and verify each element of the application several times before final submission. It is also worthwhile to have the final version read by a person who was not involved in its creation - a “fresh look” often allows you to catch simple mistakes that escaped the authors.
”Golden rules” of a successful grant proposal
PrincipleDescriptionWhy is it important?1. start with diagnosisDon’t plan your spending before you have a professional audit done.The audit provides objective data that underpins reliable justification and cost estimates.2. be precise and specificAvoid generalities. Tie each planned expenditure to a specific, identified risk. Precision builds your credibility and shows that you have a well-thought-out plan, not a wish list.3. take care of the paperworkRead the regulations five times and meticulously check each attachment and signature.Formal errors are the most common and painful cause of rejection of good projects.
Export to Sheets
What factual errors should you avoid to make your investment plan coherent and convincing?
After passing the formal evaluation, the application goes to experts, who assess its sense and logic. The most common substantive error is the lack of consistency between the diagnosed problems and the planned solutions. A proposal in which the audit indicates a problem with a lack of backups, and the main expense is an advanced mail protection system, will be judged illogical.
Another mistake is to plan for the purchase of technology without considering the cost of implementing, maintaining and operating it. The committee wants to see that you are thinking comprehensively. If you plan to purchase a SIEM system, you must also plan and budget for training for the people who will operate it, or the cost of an external monitoring service.
It is also necessary to avoid “form over substance” - planning the purchase of extremely expensive, advanced solutions that are disproportionate to the scale and real needs of a small municipality. The investment plan must be adequate, realistic and cost-effective.
Why is the appointment of an internal project leader crucial to the smooth preparation of an application?
Preparing a grant application is a complex project that requires coordination among many people and units in the office - from IT to finance to legal counsel and management. To avoid chaos and delays, it is absolutely crucial to appoint one person to lead or coordinate the entire project.
This person doesn’t have to write the entire proposal himself, but is responsible for keeping an eye on the schedule, gathering the necessary information from the various departments, coordinating the work and ensuring that the final document is consistent and complete. Without such an “owner,” a project can easily get bogged down due to dilution of responsibility.
The project leader should be a well-organized, communicative person with a mandate from management to enforce tasks on other employees.
How to describe the goals and indicators of the project so that they are measurable and in accordance with the regulations?
Every grant application must include clearly defined project goals and measurable indicators to assess whether these goals have been achieved. Avoid general objectives, such as “improve cyber security.” Instead, use specific and measurable objectives that follow the SMART methodology.
An example of a good objective might be: “Implement a central backup system to reduce the target recovery time objective (RTO) for critical systems from 48 hours to 4 hours by the end of the project.” The output indicator here will be “number of systems implemented: 1”, and the result indicator will be “RTO for critical systems: 4 hours”.
Precisely defining goals and indicators shows that you know what you want to achieve and how you will measure the success of your project. This is another element that builds your credibility as a professional applicant.
What attachments do you need to make sure your application is complete?
The competition regulations precisely define the list of required attachments. Their completion is crucial for a successful formal evaluation. In addition to the application form itself, it is usually necessary to include statements of eligibility, documents confirming the legal status of the TSU and authorizations for the persons signing the application.
In the case of the “Cyber Secure Local Government” program, although it is not mandatory, the most important and valuable attachment is the cyber security audit report. It is it that provides the substantive basis for the entire application. It is also worthwhile to include the bids or estimates collected to substantiate the cost estimate presented.
Before submitting the application, review the list of required attachments several times and make sure that all of them are prepared in the correct format and attached to the application in the system.
How much time does it realistically take to prepare a quality proposal?
Preparing a quality proposal is a process that takes time. Trying to do it in a few days, just before the deadline, is almost a sure recipe for failure. Realistically, you should plan on 4 to 8 weeks from decision to submission of a complete application.
This time is needed for conducting or commissioning audits, gathering bids from suppliers, internal consultations and writing the proposal itself. Remember that key people in your office also have other ongoing responsibilities. Being in a hurry leads to mistakes, stress and a reduction in the quality of the final product. This is why it is so important to take action well in advance.
What happens after the application is submitted, that is, what is the evaluation process like?
Once the application is submitted in the electronic system, the formal process of its evaluation by experts of the Center for Digital Poland Projects begins. As mentioned, the first stage is the formal evaluation, which verifies the completeness and correctness of the application in procedural terms.
Applications that pass this stage go to substantive evaluation. In them, a panel of experts evaluates, among other things, the accuracy of the diagnosis, the logic and consistency of the investment plan, the adequacy of the planned expenditures, and the realism of the stated goals and indicators. It is at this stage that the quality of your justification, based on the results of the audit, is crucial. Once the evaluation is complete, you will receive an official decision on whether to award (or not to award) the grant.
Related Terms
Learn key terms related to this article in our cybersecurity glossary:
- Network Security — Network security is a set of practices, technologies, and strategies aimed at…
- Backup — Backup, also known as a backup copy or safety copy, is the process of creating…
- Cybersecurity — Cybersecurity is a collection of techniques, processes, and practices used to…
- Firewall — A firewall, also known as a network firewall or security barrier, is a security…
- Cybersecurity Incident Management — Cybersecurity incident management is the process of identifying, analyzing,…
Learn More
Explore related articles in our knowledge base:
- Hyperconverged infrastructure - What it is, HCI in practice, benefits and application examples
- Simplified web application security: Key features of FortiWeb
- What is a WAF (Web Application Firewall) and how does it work?
- 12 Tips to Improve Cybersecurity in Your Organization
- Amendment to the NSC Act (NIS2): What new obligations await Polish companies and how to prepare for them?
Explore Our Services
Need cybersecurity support? Check out:
- Security Audits - comprehensive security assessment
- Penetration Testing - identify vulnerabilities in your infrastructure
- SOC as a Service - 24/7 security monitoring
