-
Assess
- Assess and Audit that is evidence based
-
Identify
Identify the risks from the assessments
-
Allocate
Using the Risk Register delegate the mitigating actions to an owner
-
Mitigate
Mitigate the issue and then close off the risk
-
Respond and Recover
Online response and recovery plans
-
Train
Citadel includes a Training/Learning Management System (LMS)
-
Understand
Ability to model critical interdependencies using graph software.
Citadel
The future of risk management, Audit and emergency response
Citadel provides a comprehensive suite of tools that deliver a scalable and consistent approach to enterprise-wide risk management and compliance. Leveraging integrated AI, Citadel automates the analysis of uploaded documents, summarises complex reports, and generates targeted question sets — significantly reducing manual effort while increasing speed and accuracy.
Data is captured efficiently and translated into a single, actionable view of your organisation’s vulnerabilities. Potential areas of risk or non-compliance are automatically identified, allowing teams to act swiftly using the integrated Risk Register. For risks that cannot be tolerated, mitigation can be initiated immediately.
Citadel also incorporates a digital Emergency Response and Learning Management System, enabling organisations to digitise and manage response plans and training needs in one secure environment. This ensures faster, more coordinated responses during critical incidents — ultimately enhancing organisational resilience and recovery speed.


Recently featured in an independent review:
Top GRC Platforms – 2025 Comparison
See how Citadel compares to leading GRC platforms in this impartial feature review.
Simple, Secure, Scalable
Making better-informed decisions faster
an enterprise wide picture of the risks facing your organisation
gain confidence in your governance and assurance procedures
real time situational awareness and understanding
enabling better and faster decision making that is evidence based and fully auditable
a scalable and consistent approach to risk
a clear understanding about your business’ risks
Features
arx technology
Working in challenging regulatory and operational environments and the need for rigorous compliance do not have to mean bespoke software development.
We have built a technology stack leveraging industry best practices for cyber security and using the latest micro service architecture and a generic, modular framework.
This technology stack is the foundation of Citadel, giving organisations a COTS capability with enterprise grade features - without the price tag of bespoke software
-
Data Encryption
All data is held in secure UK data centers and is encrypted in transit and at rest
-
API integration
Citadel is built on an API structure that allows both incoming and outgoing data to be shared with multiple other sites and applications. This allows Citadel to be used as a central hub for data sharing, and it makes it easy to integrate Citadel with other systems. The API structure of Citadel is designed to be flexible allowing Citadel to be used in a variety of different ways, and it makes it easy to integrate Citadel with other systems. For example the Threat Vector multiplier can take a feed from an external API and automatically rerun an assessment if the threat changes. Citadel can then disseminate notifications to relevant parties or provide feedback to one of the organisation's external APIs to send notifications. The Map function is another example of how Citadel ingests data and blends information into a single view.
-
Access Controls
Customisable hierarchical access control
-
BSI Kitemark
The BSI Kitemark for Secure Digital Transactions rigorously and independently tests websites or apps to make sure they have the security controls in place for the financial and/or personal information they are handling.
It requires a website or an app to undergo rigorous and independent testing and producers of websites or apps from banking to entertainment can reassure their clients by displaying the BSI Kitemark on their product and in their marketing materials.




News and Views
Capturing accurate performance data that gives a true picture is difficult
Most of the companies with which we work will conduct regular risk audits. Whilst companies recognise the need to review their risk posture to assure themselves that the range of measures they have put in place are delivering their intended effect and that the company’s policies and procedures are being followed, their approach can vary significantly. Read More
Our Founders

Richard Thompson
Managing Partnerfollowing a thirty-three year career in government service dealing with some of the most challenging operational, policy and regulatory issues, I fully appreciated the importance of excellent risk management and the power of technology. Having the right technology in place can transform the speed and the quality of decision making.

Andrew Wood
Managing PartnerAs an aviator, first as a helicopter pilot and continuing as a B747 Captain I was immersed in a highly regulated and risk-averse environment.
I started developing internet technology in 1998 when the web began to become popular. Utilising both skill sets I have guided the development team to produce the Citadel software.