 

Software capabilities

Citicus ONE is a web-based application, available in six languages (English (UK/US), Dutch, French, German and Japanese), that offers a highly-efficient, constructive and continuous method of measuring and managing information risk, supplier risk and other areas of operational risk across an enterprise.

Deploying Citicus ONE gives business ‘owners’ on the ground insights into the risk status of their areas of responsibility, and practical guidance on driving risk down. It also provides top management with an overview of the risk and compliance status of their critical operational assets and processes.

To measure risk in meaningful business terms, Citicus ONE employs succinct risk scorecards and criticality assessments to evaluate defined ‘targets of evaluation’, such as:

  • application systems and IT infrastructure that support the organization’s business activities
  • key suppliers and the services they provide
  • essential sites and other risk areas.

The system may also be used to evaluate the causes and effects of significant incidents.

Citicus ONE's functionality is outlined below. For a printer-friendly summary, download our Summary of Citicus ONE's capabilities (PDF, 137Kb).
 

 

Fact-gathering


Citicus ONE equips you to measure the risk of defined targets of evaluation efficiently, using carefully-designed forms presented for easy completion online. These include:

  • Criticality assessment
  • Risk scorecard - configurable checklists probing the status of controls, threats and special circumstances that drive risk up can also be presented to provide a more detailed assessment
  • Incident assessment
 

Results produced for people responsible for risk ‘on the ground’


Citicus ONE provides high-quality results for business ‘owners’. These are presented succinctly, in plain language, both on screen and in PDF format. The results provided include:

  • Risk status report
  • Risk heat map
  • Dependency risk map™
  • Compliance status and compliance trend reports
  • Guidance on driving down risk
  • Schedule of issues and Action plan
  • Schedule of control weaknesses and other key findings of the risk evaluation process.
 

Results produced for decision-makers at business unit/corporate level


Citicus ONE also provides high-quality results for top management and for others with an interest in the status of risk across the enterprise. These consolidated results include:

  • Risk dashboard showing the overall level of risk and its key drivers
  • High-level risk status report, showing key risks, common vulnerabilities and threats, and the cost and other business impacts of actual incidents experienced
  • Criticality league table, ranking information resources, suppliers, sites and other targets according to their measured business criticality
  • Risk league table, ranking targets of evaluation according to their measured risk
  • Dependency risk maps™ highlighting the risk pinch-points in the complex structure of inter-dependent information systems, suppliers, sites and other assets and processes
  • Compliance trend reports for specific business units or the enterprise as a whole
  • Breakdown of Compliance status by business unit
  • Risk factor analysis reports allowing you to drill-down on the status of specific controls (or other risk factors) across the enterprise
  • Incident list, ranked by harm caused
  • Incident statistics, including breakdowns by type and their business impact.
 

Workflow management


Citicus ONE helps you implement a constructive risk management process efficiently by providing automated support for:

  • Defining the information resources, suppliers, sites and other targets within the scope of the risk management system
  • Administering users either directly or via integration with an external user directory such as Microsoft Active Directory
  • Assigning ‘owners’ to targets of evaluation and a ‘completer’ for each evaluation form
  • Issuing risk scorecards and assessments at frequencies that reflect the criticality of each target
  • Bringing forward previous evaluation results for updating, with minimal effort
  • Tracking completion of issued scorecards/assessments and supporting chase up as required
  • Reviewing completed forms and assigning them as 'accepted' or 'returned for correction'
  • Keeping track of actions needed at corporate level and any risk 'pinch points' (eg weaknesses in IT infrastructure which affect many information resources)
  • Generating high-level results (these can be refreshed automatically as evaluations are updated)
  • Exporting risk and compliance data in XML format (using an Excel-compliant schema) for external analysis and reporting
  • Keeping track of risk management activity via an extensive audit log.
 

Remediation activity planning


Citicus ONE records key issues raised by risk and compliance evaluations and maintains action plans to help manage these issues through to resolution. Issue schedules and Action plans are maintained at three levels:

  • For individual targets of evaluation, enabling their ‘owners’ to identify and manage the control improvements called for by risk and compliance assessments
  • For specific parts of the enterprise, enabling local co-ordinators to identify and manage actions they need to take within their business units
  • For the enterprise as a whole, enabling the custodian of the entire risk management process to identify and manage actions needed at corporate level (eg new policies, standards or procedures).
 

Customization


Citicus ONE's customization capabilities enable you to tailor the process to fulfil your own requirements. For example, you can:

  • Generate Harm reference tables which help users evaluate business impact consistently, in terms that reflect your organization's activities.
  • Generate Standards of practice and compliance checklists to help users consistently evaluate the status of the controls applied to their information resources, suppliers, sites and other targets. If desired these can be based on the Citicus-supplied standards such as ISO27001, COBIT, PCI-DSS, ISF SoGP, or can be developed from your internal standards or local regulatory requirements (eg FSA, FFIEC, Basel II, SOX, etc).
  • Generate customized checklists of threats and special circumstances that apply to specific types of target of evaluation. These can be based on the content supplied with Citicus ONE for threat categories and special circumstances for information risk, supplier risk and site risk or can be built from scratch.
  • Develop multi-lingual versions of the customizable content so that it is presented to end users in their own language.
  • Modify the user authentication and administration process to integrate with your corporate approach to identity management.

The customization process is simple and can be carried out by the customer using the Citicus ONE user interface and other support tools such as the Excel-based Citicus Workbench. Support from Citicus is available if needed (see the Services page for further details).

 
 

© 2009 Citicus Ltd