Citadel supports assessments and audits across any framework. Existing risk, compliance, and assurance approaches can be uploaded via the Question Builder, enabling consistent assessment across sites, teams, or business units.

Where new or emerging risks are identified, assessments can be created quickly from scratch. Question sets can also be designed to assess compliance against one or multiple standards, without duplicating effort.

Question Builder

Administrators can build or edit audits and assessments quickly, and capture supporting evidence in any format. Evidence can be reviewed for relevance and completeness, and reused across future assurance activity.

Once an assessment is completed, Citadel automatically generates reports and an executive summary, highlighting key findings and priority areas. Outcomes feed directly into the organisation’s view of control performance and risk.

Citadel’s risk register is informed by assessment outcomes, keeping risk aligned to current control performance. Risks can be identified, prioritised, and managed in one place, with clear ownership and status.

As assessments and evidence are updated, the register remains current without manual consolidation. This supports clearer reporting to senior leaders, boards, and stakeholders, with a consistent view across the organisation.

Citadel provides statistical insight across assessments, controls, evidence, and risks, enabling organisations to understand trends over time and focus attention where it matters most.

Analysis: Explore performance across the platform by site, team, asset, or category.

Trend and relationship insight: Identify patterns and relationships that indicate improving or deteriorating control effectiveness.

Visualisation: Use clear charts and dashboards to communicate results and direction of travel.

Reporting: Generate reporting that supports assurance, governance, and decision-making.

Citadel’s mapping capability helps you visualise the data you collect and bring additional risk-related data into view. External datasets (for example fire, flood, or crime) can be incorporated through the platform’s API structure.

Mapping supports clearer planning and assurance by showing where risks, controls, and operational realities concentrate across locations, assets, and services.

Risk is shaped by likelihood and impact. While controls may reduce likelihood, external conditions can shift the threat level over time.

The Threat Vector Multiplier allows risk to be adjusted when relevant external information changes — either manually or automatically. Where thresholds are met, Citadel can prompt reassessment and notify the appropriate risk owners.

This keeps risk views current and supports timely decisions on whether additional or enhanced controls are required.

Citadel helps organisations understand critical interdependencies between assets, systems, processes, and services.

By capturing relationships alongside assurance data, Citadel highlights where weaknesses could create wider impact. This supports resilience planning and helps prioritise mitigation where disruption would have the greatest consequence.

Interdependency insight can be used to inform planning, scenario discussion, and targeted investment in resilience.

Citadel includes learning and training management to support operational readiness. Training can be managed centrally, with clear visibility of completion and progress.

This enables organisations to track competence and readiness alongside assurance activity, supporting a more joined-up view of risk and capability.

• Centralise training content and course management
• Track learner progress and completion
• Report on compliance and readiness
• Support consistent training delivery across the organisation

Citadel supports the digital management of emergency response and recovery plans, ensuring the right people can access clear actions quickly when needed.

Plans are maintained centrally and made available through role-based access, supporting coordinated response and consistent execution during incidents.

• Accessible plans: Up-to-date response and recovery instructions available across devices
• Emergency alerts: Notify designated individuals and signpost the correct plan and actions
• Real-time oversight: Support control-room or incident leadership visibility during response
• Emergency contacts: Maintain a directory of relevant contacts to support rapid coordination
• Self-help resources: Provide supporting guidance and quick-reference information where appropriate

Citadel uses AI to reduce manual effort and support consistent, high-quality assurance activity across the organisation.

AI can analyse uploaded documents such as policies, standards, and reports to extract key themes, obligations, and areas of focus. This helps teams move more quickly from documentation to structured assessment.

• Document insight: Identify relevant risks, controls, and requirements from source material
• Clear summaries: Convert long documents into concise, decision-ready outputs
• Focused question sets: Generate assessment questions aligned to the material provided

This supports faster assessment creation, more consistent assurance, and improved evidence quality — without replacing professional judgement.

Citadel’s gap analysis highlights where controls, practices, or evidence do not fully meet agreed requirements, supporting a clear and prioritised improvement plan.

Gap analysis can be performed against recognised standards, internal policies, or organisation-specific requirements, using assessment outcomes and supporting evidence already captured in the platform.

• Standards and frameworks: Compare posture against ISO, NIST, JSP, or other benchmarks
• Internal requirements: Assess alignment with your own policies and control expectations
• Assessment outcomes: Visualise gaps across sites, teams, assets, or time periods

This provides a clear view of where attention is required, without manual cross-referencing or additional audit effort.