Citicus ONE provides you with an efficient and consistent way of measuring and managing security risks to your organisation's physical assets such as buildings, sites and facilities.

For a demonstration contact us.

Using Citicus ONE you can:

  • Assess and rank the importance of physical assets in an objective business-oriented way
  • Track compliance of sites with security standards (either your own or recognized industry standards)
  • Identify and monitor factors (eg environmental, geo-political) that increase risk for specific sites
  • Define and track actions designed to reduce risk
  • Record security incidents affecting sites, including their causes and business impact
  • Build and maintain a physical asset protection management system (PAPMS), as specified by the ANSI/ASIS Security Management Standard PAP.1-2012.

Physical site security

Citicus ONE’s physical asset risk scorecards probe five risk factors for each site as illustrated below:

  • Risk ChartCriticality: Identifying the worst-case potential impact of incidents affecting the value, performance and continuity of a site.
  • Control weaknesses*: eg in site management, physical security, essential services, incident management, continuity arrangements.
  • Special circumstances*: that can increase risk: eg geographic location, nature of site operations, high degree of change.
  • Level of threat*: eg from criminal activity, natural disaster, loss of key services
  • Business impact: The impact of actual incidents in financial, reputational, operational and other ways.

*These risk factors can be assessed at varying levels of detail by employing Citicus ONE’s drill-down checklists. For example the geographic location of sites may be further probed to identify risks from unreliable power/telecommunications, crime rate, political unrest, strikes, environmental events, etc.

Citicus ONE has pre-configured content optimized for probing these site risk factors based on industry best practice, developed in conjunction with Citicus’ customers with high levels of expertise in site risk management. This built-in content can be easily customized to match an organization’s specific requirements and standards. For example this could include:

  • The ASIS Facilities Physical Security Measures Guidelines
  • The ANSI/ASIS Security Management Standard: Physical Asset Protection, 2012
  • The Customs-Trade Partnership Against Terrorism (C-TPAT) standards for supply chain security
  • The Transported Assets Transport Protection (TAPA) Facility Security Requirements
  • The NERC CIP standards for critical cyber assets
  • ISO27001/2
  • Your own organization’s internally defined physical security standards

Standards can be presented as checklists making it simple to record the status of controls across an organization’s physical assets.Site checklist 

Checklist for verifying compliance with specified security standardsSite compliance status

Chart showing the level of compliance of different sites with security standards

Site special circumstances

Reporting the status of circumstance that drive risk up for physical assets

Reporting the risk status of a range of sites in a league table

Benefits of an automated risk management system

Organizations often rely on spreadsheets, word processors and email trails to record their risk management activities. However, the benefits of employing an optimized risk management system such as Citicus ONE are substantial:

  • Ensuring consistency and objectivity in the risk data you collect
  • Streamlining the collection of risk assessment data to maximize efficiency and minimize the duplication of effort
  • Facilitating the delegation of risk management activity down through the organization to maximize the involvement of asset ‘owners’ themselves
  • Providing sophisticated management reporting, including trends and internal benchmarking
  • Consolidating risk information from different sources with a single methodology, enabling a more converged approach and thereby fulfilling the ANSI/ASIS PAP standard’s requirement to treat all security risks in a singular managed process
  • Providing a reliable and central audit trail of risk management activities that will help the organization monitor what has been done and for what reasons Demonstrating a robust and mature risk management approach to all stakeholders, including customers, shareholders, auditors and regulators.

Implementing Citicus ONE for physical asset risk management

Citicus ONE is a web-based software tool that supports implementations on any scale. It is available as a:

  • Server-based software application installed in-house and accessed across your corporate intranet
  • Single-user desktop or laptop implementation suitable for a small scale implementation
  • Hosted ‘on-demand’ service from Citicus, accessed over the Internet

Training and implementation support is available from Citicus and our implementation partner, Unified Security.

Finding out more

If you would like a personal demonstration of how Citicus ONE could help you manage risks to your organization’s sites and other physical assets you can request a demonstration or just contact us at

You can also download our topic paper on the ANSI/ASIS PAP standard and an information sheet summarizing the capabilities of Citicus ONE for physical asset risk management.