Citicus first software vendor to deliver ISF Standard of Good Practice 2011

Citicus ONE, the award-winning risk and compliance management system from Citicus, is the first software product to support the Information Security Forum’s (ISF) Standard of Good Practice 2011. This Standard is one of the most comprehensive information security standards available, comprising nearly 3,000 controls, and provides full coverage of ISO27002 and COBIT 4.1 – as well as new security issues. Using Citicus ONE, organizations can now assess the status of their information security controls, or those of their suppliers, at a best practice, industry-leading level.

The widely-used Standard of Good Practice, which is updated every two years by the ISF, covers many new security issues not addressed by existing standards. For example, it recommends controls for hot topics such as cloud computing, information leakage, consumer devices (eg smartphones) and security governance.

Citicus ONE delivers the ISF Standard of Good Practice using ‘smart checklists’ that present only those controls relevant to a particular IT environment. This means that organisations can evaluate control status across their critical business applications, networks, data centres, system development activities and external suppliers of products and services.

Citicus ONE risk scorecards probe the status of controls along with other risk factors (including criticality and experience of incidents) so as to provide a unique all-round view of information risk, either for individual assets or aggregated at different levels in the organization.

Simon Oxley, managing director at Citicus, says:

“Citicus has been supporting the ISF Standard of Good Practice for many years and we are proud to be the first to deliver its new capabilities. This latest 2011 version is the most comprehensive and up-to-date in the world, which means that organisations using our software are now able to assess the full spectrum of security issues affecting their operations.”

Marco Kapp, director at Citicus, adds:

"Citicus ONE is increasingly being used by our customers for managing risk posed by their key suppliers. The new content in the Standard of Good Practice on external supplier management will be of particular interest to them. We are also pleased to see the alignment of this work in the Standard, with that of the Cloud Security Alliance."

About Citicus

Citicus Limited was formed in 2000 by Sian Alcock, Marco Kapp, and Simon Oxley. Its award-winning Citicus ONE risk and compliance management software has been implemented in public and private sector enterprises of all sizes around the world, and Citicus’ partnership relationship with customers helps them implement and run their risk programmes successfully.

For more information, contact:

Simon Oxley, Citicus Ltd, Tel: +44 (0)20 7203 8405

Nick Hall, Citicus media relations: Tel: +44 (0)7949 111174
