Supplied ServicesCiticus ONE provides you with an efficient and consistent way of tracking risk in your supply chain. This can encompass a wide range of scenarios such as the risks associated with:

  • Outsourcing development and / or operation of IT systems, including the use of cloud computing
  • Sourcing external services to support or replace your internal business processes
  • Sourcing raw materials and products

Citicus ONE's customizable risk scorecards allow you to ‘unpack’ supplier risk to focus on:

  • Risks associated with your relationship with a particular supplier
  • Risks associated with a specific supplied service / product

These can be combined with information about the risks to IT systems that support supplied services through Citicus ONE’s unique dependency risk mapping and consolidated reporting to give an overview of the risks across the whole supply chain.

Supplier risk scorecards probe five risk factors as illustrated below:

  • Criticality: Identifying the potential impact of incidents on the quality, cost and delivery of services or products suppliedRisk Chart
  • Control weaknesses*: eg in contractual arrangements, relationship administration, service delivery, service assurance, exit strategy.
  • Special circumstances*: that can drive risk up: eg the maturity, viability, geographic location of suppliers
  • Level of threat*: eg from disputes, poor performance, misconduct, business interruption
  • Business impact: The impact of actual supply chain incidents in financial, reputational, operational and other ways.

*These risk factors can be assessed at varying levels of detail by employing Citicus ONE’s drill-down checklists. For example the geographic location of suppliers may be further probed to identify risks from unreliable power/telecommunications, political unrest, strikes, environmental events, etc.

Citicus ONE has pre-configured content optimized for probing these supplier risk factors based on industry best practice, developed in conjunction with Citicus’ customers with high levels of expertise in supply chain risk management. This built-in content can be easily customized to match an organization’s specific requirements and standards. For example this could include:

  • The BITS Framework for Managing Technology Risk for Service Provider Relationships
  • The FFIEC Outsourcing Technology Services standards
  • Data privacy requirements imposed on suppliers
  • Guidance from Basel II, Intellect, OGC, ISO/IEC, OCC and others

The results of risk assessments of suppliers and supplied services are presented using Citicus ONE’s graphical reporting process. Examples are shown below and on the Results produced pages.

Supplied Service Compliance

Reporting compliance of an individual supplied service against required standards

Supplier Criticality league table

Providing a league table of the relative criticality of suppliers and the services they provide

Supplier incidents

Tracking actual incidents affecting supplied services

Finding out more

If you would like a personal demonstration of how Citicus ONE could help you manage risks posed by your organization’s suppliers and other third parties you can request a demonstration or just contact us at