Citicus Limited provides software for building an automated physical asset protection management system (PAPMS) as specified by the newly published ANSI/ASIS PAP.1 2012 standard.
The ANSI/ASIS PAP standard defines a framework that helps practising security managers to apply and manage physical security measures to safeguard an organization's people, property and information. The standard strongly promotes the convergence of risk management activities across an organization through a cross-functional risk assessment and management system that identifies, evaluates and resolves all security risks within a singular, managed process.
Citicus Limited’s Citicus ONE software provides security managers with an efficient and effective tool that helps them to build and maintain a PAPMS and enables them to:
- Identify, categorize and record physical assets and their owners
- Define and manage interdependencies between physical assets, information systems and key suppliers from a risk perspective
- Measure the criticality of physical assets to the business objectively and consistently
- Conduct risk assessments of physical assets using a simple but powerful risk scorecard
- Define and track remediation activities aimed at driving risk down
- Report on risk to all stakeholders including individual asset owners, risk managers, senior management, auditors and others.
A key driver of risk for physical assets is the status of security controls and Citicus ONE incorporates an in-built library of over 500 controls for site protection. These can be easily augmented or replaced with an organization’s own security standards or internationally recognized standards such as the ASIS Facilities Physical Security Measures Guideline, enabling users to benchmark their control status.
One of the goals of a PAPMS is to support decision making by balancing experience and intuition with factual data about the risk status of assets. Citicus ONE supports this through its collation of objective risk metrics, including information about past incidents and their impact. This provides organizations with the ability to review, challenge and change past decisions concerning the protection of assets.
Simon Oxley, managing director at Citicus says, “The ASIS PAP standard promotes a concept we at Citicus are very interested in – the use of a common approach to managing risks of all kinds across the enterprise – and I was very pleased to be able to contribute to its development. We believe that our Citicus ONE software provides an excellent platform for security managers to measure and manage risk in a more holistic way across their physical facilities, IT systems and supply chains.”
James Willison, founder of Unified Security Ltd and vice-chairman ASIS International European security convergence sub-committee adds, “Information and physical security leaders from across the security industry worked together to give the standard a strong converged perspective in recognition that, unless there is a collaborative approach to the management of security risk, those who attack physical sites will exploit the weakest link. Citicus ONE enables security practitioners across the organization to identify the assets most at risk. By using the same framework security risks can be correlated across the enterprise and a team approach established. Traditionally many physical security managers have relied on spreadsheet-based risk tools and these make it difficult to assess the risks they face across the business. Citicus ONE can really help to ensure risk is recorded, monitored and managed efficiently, effectively and consistently.”