News
Scottish Government’s Improvement Service creates new approach to risk management
January 2010 by Marc Jacob
Citicus’ risk management software has been chosen by The Scottish Government’s Improvement Service, for its Customer First programme, to pilot a standard for identification, recording, management and reporting of risk. As well as reducing the likelihood and impact of threats and incidents, Customer First’s risk, compliance and regulatory obligations can now be managed efficiently - within a central location.
Tom McHugh, Customer First’s Programme Manager explains, “The increasing complexity of technological change, growing number of hosted systems and the large number of people and organisations involved, meant that managing threats and implementing the required controls was becoming an even greater challenge. Significant reputational damage, with a consequent lack of confidence in our systems by the public, is a very real possibility if threats are allowed to materialise.”
Carol Peters the Customer First Programme Security Advisor says “The lack of a single risk management solution was causing operational and security risks in its own right. I was looking for a risk management solution that would address one of our biggest issues which was the ability to prove how our security and privacy design features comply with the increasing number of legislative, regulatory and policy obligations for privacy and security within the public sector.”
Citicus ONE was employed to improve risk identification and management for the different systems and programmes within Customer First. The initial focus was on its Citizen Account Records System, OneScotland Gazetteer database and Customer Service Professional, supporting an accredited training and qualification scheme.
Customer First’s ‘risk owners’ participated in risk workshops using Citicus ONE’s succinct criticality assessments and risk scorecards to help them measure risk and compliance of their individual programmes in an objective and consistent way. This enabled Customer First’s management team to collate and report information about risks from the different interdependent elements of the overall programme.
The highly visual, informative results, generated by Citicus ONE include risk and compliance status reports, heat maps, dependency risk maps, risk dashboards, risk league tables and action plans. The software’s multi-level reporting, from high-level executive summaries - to a detailed technical level, ensure that all Customer First’s management are kept informed of the status of risk and compliance in their areas of responsibility.
The Improvement Service now has a standard for identification, recording, management and reporting of risk, within a central location - across the whole Customer First Programme. More control of how risk is managed across the programme can be provided and how risk in one area may potentially impact another.
Carol Peters added, “With its strong pedigree in information assurance, Citicus ONE was a valued choice. Not only does it provide an important centralised single framework, but it also provides a fast and easy solution to responding to compliance requests. The reporting structure allows reports to meet various requests at both summary level - down to a more detailed analysis of a particular type of risk.”
