Accessing Citicus ONE
 

Users gain access to Citicus ONE via a web browser.

Authentication of users and administration of their details (contact information, business units, roles etc) can be controlled in several ways. Integration with Windows authentication or with Active Directory (or other LDAP-compliant directory) allows the user administration and authentication process to be integrated with your IT architecture and can provide seamless access for users.

Citicus ONE employs a role-based access model allowing you easy control over the capabilities and scope of individual users or groups of users.

You can model the structure of your organization within Citicus as a hierarchy of any depth and breadth. For example this could be along geographic or business function lines. Easy-to-use drag and drop controls enable you to reorganize this structure at any time to keep in step with organizational changes.

The organizational structure can be use to control access to information held within Citicus ONE and as a basis for consolidating data, for example to produce risk reports covering a specific branch of the organization.

The entities in the organization that will be subject to risk management are known as ‘targets of evaluation’. You can define these quickly and categorize then as different types, such as information resources, suppliers, supplied services, sites, or your own locally-defined types.

Targets of evaluation can be further characterized in terms of their business owner, the part of the enterprise to which they below and by any number of customizable ‘attributes’.

The first stage in the risk management cycle is to assess the business criticality of your defined targets of evaluation. This is achieved through a simple criticality assessment that can be completed by business owners on-line and which objectively probes the potential impact of incidents using business scenarios.

Citicus ONE’s workflow helps you to issue these assessments and email their links to the assigned owner. You can monitor progress in completing the assessments and chase up delayed responses where necessary. 

Business owners obtain access to the results of their criticality assessments as soon as they are completed. The picture opposite shown an extract from the criticality status report provided to the business owner.

The methodology ensures consistency and objectivity, allowing you to compare the relative criticality of different information resources, suppliers or other targets across the enterprise. The software workflow allows you to review completed assessments and accept them or return them for correction as appropriate.

The rankings of business criticality enable you to prioritise risk assessments so that effort is focussed in the most critical areas first.

Risk scorecards can be issued for completion by their owners on-line or through facilitated risk workshops. The evaluation of risk can be conducted at multiple levels of details and can incorporate assessment of compliance with detailed checklists of controls and collection of the supporting evidence.

The picture opposite shows a sample control checklist. Similar checklists are used to evaluate the level of threat and other special circumstances that drive up risk.

Citicus ONE’s constructive approach and graphical results are purposely designed to motivate ‘owners’ to reduce risk to an acceptable level, and the system helps them to keep track of remediation activity.

You can record the issues identified during a risk evaluation that need to be addressed and the specific actions required. Actions can be prioritized, assigned to individuals, costed and tracked. Action plans can be monitored for each targets of evaluation and can be consolidated to gain a business unit or enterprise-level view of remediation activity.

Compiling high-level results for decision-makers
 

Citicus ONE’s business-oriented reporting capabilities are designed to give to keep top decision-makers informed about the risk status of their business unit or the enterprise as a whole.

Risk managers have fine control over the type and scope of information presented in consolidated reports.

Risk and compliance data can also be exported from Citicus ONE for analysis and presentation in external reporting tools.

Return to Our software (topics)

Home | Our software | Services | Resources | News/events | Customers | Partners | About us | Contact us | Privacy policy | © 2010 Citicus Ltd