Citicus ONE provides a powerful and scalable solution for managing IT security, risk and compliance across your organization’s critical IT applications and infrastructure.

It enables you to:

  • Establish a highly-efficient, continuous process for measuring and managing information risk and compliance across your organization
  • Build the foundation of an information security management system (ISMS) as defined by ISO27001
  • Measure the criticality of business systems and IT infrastructure, objectively and in business terms
  • Conduct proportionate risk assessments of such systems, at whatever level of detail you choose
  • Track how measured risk compares with an acceptable level, using risk charts
  • Complete privacy impact assessments for systems processing personally identifiable information (PII)
  • Assess the compliance of information systems with the standards mandated by your organization including internal policies, external codes of practice (eg ISO27001, COBIT, PCI DSS, ISF SoGP, OWASP, CSA) and any legislation that applies (eg privacy regulations such as GDPR, Sarbanes-Oxley)
  • Conduct risk and compliance assessments of suppliers and other external parties.
  • Rank the criticality of evaluated systems, their compliance status and the overall level of risk they pose to your enterprise, in the form of colourful league tables
  • Generate Dependency Risk Maps™ that highlight the relationships between information systems from a risk perspective 
  • Monitor remediation activity, including oversight of all issues until they are resolved and both the costs and benefits of remedial action
  • Assess information incidents, including their business impact and root causes
  • Highlight the probability of suffering major incidents and success in managing it down.

Citicus ONE’s reporting on risk and compliance is mostly graphical and designed to be easily interpreted by decision makers. 

Finding out more

If you would like a demonstration of how Citicus ONE could help you manage IT security, risk and compliance for your organization you can arrange a demonstration or just contact us at

What customers and experts say

The Citicus ONE risk assessment has picked up significant issues not identified by our recent audit with a fraction of the effort.

Business Manager, Global consumer products company

The Citicus ONE criticality assessment alone is worth its weight in gold.

Information Security Officer, UK police force

It took just three days to configure Citicus ONE to conduct Privacy Impact Assessments that reflect UK privacy legislation. That’s impressive and has given us a solid foundation to start from.

Specialist privacy consultancy

I had used Citicus ONE for almost 4 years with my previous employer. Let me tell you, it's an amazing product and the most user friendly risk management tool currently available in market.

Information Protection & Governance Analyst, Global manufacturing company