One identity, one approval engine, one source of truth.
Every RETRO.FMS module stands on the same foundation: single sign-on with role-based access, an approval matrix that routes any workflow by module, vessel, category, amount, and criticality, controlled documents with evidence tracking, versioned master data, and an offline-first design built for the satellite link. Vessels keep working with no internet for 30 or more days, and reconcile with shore when the link returns.
What it covers
The foundation layer
Identity & approvals
Single sign-on, roles and permissions, and a configurable approval matrix with SLA timers and escalations.
Offline resilience
An onboard agent that keeps the vessel working offline and synchronises with shore.
Documents & forms
Controlled documents, evidence, and a forms and checklists builder that works offline.
Data & analytics
Versioned master data and codes, with cross-module dashboards, exports, and APIs.
Identity & access
One login, the right access, everywhere.
Single sign-on (OIDC/SSO) with role-based access across the whole platform: roles carry granular page- and action-level permissions, governing who can see and do what in every module.
- OIDC single sign-on
- Role-based access platform-wide
- Page- and action-level permissions
Approval engine
Any workflow, routed the way you govern.
A configurable approval matrix routes any workflow by module, vessel, category, amount, and criticality, with SLA timers, escalations, an in-app inbox, and email digests — including exception rules for single source, fewer than three quotes, and over budget.
- Routing by module, vessel, category, amount, criticality
- SLA timers, escalations, inbox, and digests
- Exception rules for single-source and over-budget
Offline & sync
Built for the satellite link.
Vessels keep working with no internet for 30 or more days. An onboard agent stores data locally and synchronises with shore over a secure, resumable channel, with field-level conflict resolution and a manual-review queue for safety-critical changes.
- 30+ days of offline operation
- Secure, resumable ship-shore synchronisation
- Field-level conflict resolution with a review queue
Documents & evidence
Controlled documents, provable reading.
A controlled-document engine with versioning, controlled copies, distribution lists, read-and-understood tracking, e-signature, watermarking, expiry, and obsolescence management — the evidence locker used by maintenance, HSSEQ, and claims.
- Versioning, controlled copies, and distribution
- Read-and-understood tracking and e-signature
- Watermarking, expiry, and obsolescence
Forms & checklists
Your forms, versioned and enforced.
Build and version forms and checklists with validations, assign them to maintenance, defects, audits, and inspections, and enforce mandatory completion — all available offline.
- Form and checklist builder with validations
- Assigned across maintenance, defects, audits, and inspections
- Mandatory completion, offline-capable
Analytics & BI
Every module, one analytics layer.
A cross-module analytics layer with data marts, scheduled exports and APIs, and dashboards spanning technical, procurement, HSSEQ, operations, finance, and claims.
- Data marts across every module
- Scheduled exports and APIs
- Dashboards from technical to claims
Offline & sync
The ship keeps working. The record keeps up.
Connectivity at sea is intermittent by nature, so the platform assumes it. Work happens on the vessel’s own instance, changes queue locally, and synchronisation reconciles ship and shore when the link allows — with human review where safety demands it.
Also in the platform
The quiet machinery underneath
Master data & codes
Vessels, ports (UN/LOCODE), currencies and FX, Incoterms, HS codes, accounts, cost centres, tax codes, vendors, ranks, permit types, and risk templates — versioned.
Notifications & digests
SLA timers, escalations, an in-app inbox, and email digests across every workflow.
Administration
Roles, approval matrices, and code-list administration that keep the platform consistent.
Questions, answered
Questions, answered
How long can a vessel work offline?
Thirty or more days. The onboard agent stores everything locally and synchronises with shore when the link is available.
How are sync conflicts handled?
Field-level conflict resolution, with a manual-review queue for safety-critical changes.
Is access centrally controlled?
Yes. Single sign-on with roles carrying page- and action-level permissions across every module.
How flexible is the approval routing?
The matrix routes by module, vessel, category, amount, and criticality, with SLA timers, escalations, and exception rules such as single source or over budget.
Can we get data out for our own BI?
Yes. Scheduled exports and APIs sit on cross-module data marts, alongside the built-in dashboards.