Scottish Government’s Improvement Service creates new approach to risk management based on Citicus ONE
Citicus’ risk management software has been chosen by The Scottish Government’s Improvement Service (IS), for its Customer First programme, to pilot a standard for identification, recording, management and reporting of risk. As well as reducing the likelihood and impact of threats and incidents, Customer First’s risk, compliance and regulatory obligations can now be managed efficiently - within a central location.
Tom McHugh, Customer First’s Programme Manager explains:
“The increasing complexity of technological change, growing number of hosted systems and the large number of people and organisations involved, meant that managing threats and implementing the required controls was becoming an even greater challenge. Significant reputational damage, with a consequent lack of confidence in our systems by the public, is a very real possibility if threats are allowed to materialise.”
Carol Peters, the Customer First Programme Security Advisor says:
“The lack of a single risk management solution was causing operational and security risks in its own right. I was looking for a risk management solution that would address one of our biggest issues which was the ability to prove how our security and privacy design features comply with the increasing number of legislative, regulatory and policy obligations for privacy and security within the public sector.”
Citicus ONE was employed to improve risk identification and management for the different systems and programmes within Customer First. The initial focus was on its Citizen Account Records System, OneScotland Gazetteer database and Customer Service Professional, supporting an accredited training and qualification scheme.
Customer First's 'risk owners' participated in risk workshops using Citicus ONE's succinct criticality assessments and risk scorecards to help them measure risk and compliance of their individual programmes in an objective and consistent way. This enabled Customer First’s management team to collate and report information about risks from the different interdependent elements of the overall programme.
The highly visual, informative results, generated by Citicus ONE include risk and compliance status reports, heat maps, dependency risk maps, risk dashboards, risk league tables and action plans. The software’s multi-level reporting, from high-level executive summaries - to a detailed technical level, ensure that all Customer First’s management are kept informed of the status of risk and compliance in their areas of responsibility.
The Improvement Service now has a standard for identification, recording, management and reporting of risk, within a central location - across the whole Customer First Programme. More control of how risk is managed across the programme can be provided and how risk in one area may potentially impact another.
Carol Peters adds:
“With its strong pedigree in information assurance, Citicus ONE was a valued choice. Not only does it provide an important centralised single framework, but it also provides a fast and easy solution to responding to compliance requests. The reporting structure allows reports to meet various requests at both summary level - down to a more detailed analysis of a particular type of risk.”
About the Improvement Service
The Improvement Service (www.improvementservice.org.uk) was set up in 2005 to help support improvements in the efficiency, quality and accountability of local public services in Scotland by providing advice, consultancy and programme support to councils and their partners. Managed by the Improvement Service and in partnership with Scotland's 32 Scottish local authorities, Customer First aims to deliver 'first time' public services by re-designing them around customers' needs. The programme supports the principles of: easier-to-access, better integrated, local services; effective collaboration across the public sector; better use of public resources and high standards of public service.
Citicus Limited was formed in 2000 by Simon Oxley, Sian Alcock and Marco Kapp. The company provides world-class automated risk management tools that have been implemented in public and private sector enterprises of all sizes around the world, and helps customers implement them successfully. Our flagship software, Citicus ONE, enables organizations to measure and manage the risk posed by the entire range of assets, entities, processes and activities on which they depend, using a methodology that reflects 20 years of research into the factors that drive risk up or down and those which make risk programmes successful.
For more information, contact:
Simon Oxley, Marco Kapp or Sian Alcock, Citicus Limited
Tel: +44 (0)20 7203 8405
Nick Hall, Citicus media relations: Tel: + 44 (0)7949 111174