The Scottish government has chosen Citicus' risk management software for its Customer First programme.

The services provided under the Customer First Programme and its local government partners handle many millions of personal data records through its IT systems housed within the Scottish National Infrastructure. This data has to be kept secure and handled in line with legislative controls and requirements.

The Citicus ONE risk management software was employed to improve risk identification and management for the different systems and programmes within Customer First. The generated results include risk and compliance status reports, heat maps, dependency risk maps, risk dashboards, risk league tables and action plans.

The software's multi-level reporting, from high-level executive summaries - to a detailed technical level, ensure that all Customer First's management are kept informed of the status of risk and compliance in their areas of responsibility. 

Tom McHugh, Customer First's programme manager, said: “The increasing complexity of technological change, growing number of hosted systems and the large number of people and organisations involved, meant that managing threats and implementing the required controls was becoming an even greater challenge.

“Significant reputational damage, with a consequent lack of confidence in our systems by the public, is a very real possibility if threats are allowed to materialise.”

Carol Peters, customer first programme security advisor, said: “With its strong pedigree in information assurance, Citicus ONE was a valued choice. Not only does it provide an important centralised single framework, but it also provides a fast and easy solution to responding to compliance requests.”