Citicus ONE

The enterprise platform for information risk assessment and security governance. Developed, hosted and maintained by CO2 Compliance Services (UK) Ltd.

Citicus ONE provides a structured, proven methodology for assessing and managing information risk across your organisation. Built on decades of experience in the information security industry, it enables security professionals, risk managers and senior leadership to work together to understand, quantify and reduce risk.

Key Capabilities

🎯 Business-Driven Risk Assessment

Citicus ONE uses a business-focused approach to risk assessment. Rather than relying solely on technical vulnerability scans, it evaluates risk in the context of what matters most to your organisation — your critical business activities, processes and information assets.

📑 Compliance Framework Mapping

Map your security controls against major regulatory and industry frameworks including ISO 27001, GDPR, NIS2 Directive, PCI DSS, Cyber Essentials and NIST. Identify gaps and demonstrate compliance through clear, auditable evidence.

📈 Quantified Risk Metrics

Move beyond qualitative risk matrices. Citicus ONE produces quantified risk scores that allow you to compare risks objectively, track changes over time and communicate risk posture to the board in meaningful terms.

🏢 Multi-Entity Support

Manage risk assessments across multiple business units, subsidiaries or clients from a single platform. Aggregate results for group-level reporting while maintaining granular visibility at the entity level.

🤝 Third-Party Risk Management

Extend your risk assessment capability to your supply chain. Evaluate the security posture of suppliers and partners, track their compliance and manage third-party risk as part of your overall programme.

📊 Board-Level Reporting

Generate comprehensive reports designed for senior leadership and board-level audiences. Present risk information in clear, non-technical language that supports informed decision-making and strategic planning.

How It Works

1

Define Your Scope

Identify the business activities, information assets and systems that are critical to your organisation. Citicus ONE guides you through a structured scoping process.

2

Assess Your Controls

Evaluate the effectiveness of your security controls against recognised standards and best practices. The platform provides a comprehensive control framework to ensure thorough coverage.

3

Quantify Your Risk

Citicus ONE calculates risk scores based on the combination of threat likelihood, control effectiveness and business impact, giving you an objective view of your risk exposure.

4

Report and Improve

Generate reports for different audiences, prioritise remediation activities, and track improvement over time. Demonstrate measurable progress to stakeholders and regulators.

Platform Details

☁️ Cloud-Hosted

Fully managed SaaS platform. No infrastructure for you to maintain — we handle hosting, backups, updates and security.

🔒 Secure by Design

Data encrypted in transit and at rest. Role-based access control, audit logging and regular penetration testing.

🌍 Accessible Anywhere

Browser-based access from any device. No software installation required. Secure access for distributed teams worldwide.

See Citicus ONE in Action

Request a demonstration to see how Citicus ONE can support your risk assessment and compliance objectives.

Request a Demo View Pricing
An unhandled error has occurred. Reload 🗙

Rejoining the server...

Rejoin failed... trying again in seconds.

Failed to rejoin.
Please retry or reload the page.

The session has been paused by the server.

Failed to resume the session.
Please retry or reload the page.