Citicus Limited's flagship Citicus ONE risk and compliance management software has been shortlisted by SC Magazine for two Awards, Best Security Management Product / Service Award and Innovation Award.

Citicus ONE is also the cornerstone of Barclays Global Retail and Commercial Banking's Information Risk Management Process which was shortlisted for Best Information Security Project of the Year Award. 

SC Magazine's Awards recognise excellence in information security.  Judging of the technology and industry awards is by an impartial panel of information security professionals from major European and global organizations including investment banks, retails banks, retail groups, airlines, insurance groups, food groups and government departments.

Winners will be announced at the SC Awards Europe 2010 ceremony and dinner on Tuesday 27th April 2010.

Responding to SC Magazine's shortlisting, Citicus managing director Simon Oxley says:
"We're proud to have been shortlisted for two of SC Magazine's prestigious awards and to be the solution provider for Barclays' Information Risk Management Process.  This is a strong endorsement of what we and our customers have achieved since we won SC Magazine's Editors choice Award in 2003."

Citicus director Marco Kapp, chief architect of the risk methodology implemented by Citicus ONE, explains what's behind its success:
"Citicus ONE's key strength is that it equips businesses to measure and manage the risk posed by their IT-based information systems using a highly-efficient, proportionate and scalable method that is based on extensive research – not guesswork.  These qualities are essential in today's economic environment where businesses and government agencies are looking to streamline their activities and build risk management processes that really work."

Citicus director Sian Alcock, who oversees Citicus ONE's development adds:
"Being shortlisted for SC Magazine's 2010 Innovation Award reflects the way we continually extend our software to help our customers deal with fresh challenges.  We do this in close collaboration with them.  The latest version of Citicus ONE enables organisations to measure and manage the risk posed not just by IT but by the entire range of assets, entities, processes and activities on which they depend, including IT- and non-IT-based information systems, sites, business processes, privacy-related projects, and suppliers of goods or services.  It comes pre-loaded with different 'bases of evaluation'.  These define the precise issues to be probed when assessing particular areas of risk.  Customers can easily enhance these or configure their own.  Thus the system is very flexible.  Because the same principles are applied, different areas of risk can be compared and aggregated, and an overall picture of risk provided to decision-makers, which is exactly what they are looking for."

To date, Citicus ONE has been used to conduct many thousands of evaluations in 150+ countries.  Users praise the way it brings business, IT and security people together, uses people's time efficiently, and provides business, IT and security decision-makers with results they can easily understand and relate to.

Using it, business IT, security and risk professionals can quickly take stock of their organization's key information assets and identify where responsibility for each one lies.  Critical assets can be subjected to 'deep dive' risk assessments using balanced risk scorecards plus supporting checklists.  Risk and compliance ratings can then be easily aggregated to provide decision makers with an up-to-date view of their organization's risk status.

Note:  Citicus ONE can be used to assess outsourced systems and outsource suppliers as well as systems run in-house;  and compliance with key standards, policies and regulations (eg PCI-DSS, ISO 27000, COBIT, site security, health and safety).

The software's 'all-risk' capabilities are enabling customers to extend and innovate their risk practices, for example to cover supplier risk and to gauge compliance with anti-corruption and child labour laws (compliance with these is vital for companies seeking a strong position in the Dow Jones Sustainability Index, which many companies aspire to do).  Its 'all risk' capabilities are also being applied in innovative ways in government, banking, insurance, factory automation, procurement and logistics.