Citadel — AI Governance Platform
Citadel keeps your governance programme live after Sentinel closes. ROGS score updated in real time. Board scorecard generated automatically. No one has to prepare anything.
The ROGS Score
Every Citadel client has a ROGS score — Risk and Operational Governance Score. A single composite number, 0–100, that measures your AI governance posture across four dimensions. The number your board tracks month-on-month.
ROGS turns AI governance from a status report into a measurable programme with a direction of travel. It links operational governance directly to financial and regulatory outcomes.
ROGS Score
Sector benchmark: 65
Illustrative figures
Role-based views
Citadel is built around five distinct views. Each one is calibrated to a different set of decisions — so the board sees governance posture and the CFO sees ROI.
Board / CEO
ROGS score, compliance position, key risks flagged, and recommended actions. Designed to be readable in 90 seconds before a board meeting. The view that ends the question "where do we stand on AI governance?"
CFO
Total projected benefit, actual spend, and realised ROI across every AI programme. Net projected value, portfolio ROI, and variance to plan. The number that goes to the investment committee — updated automatically every month.
Governance Lead
Active governance tasks, remediation actions, control implementation status, compliance deadlines, exception queue, and ownership assignments. The operational view that keeps the programme moving between board meetings.
Audit Committee / NED
Non-technical summary of AI governance posture for non-executive directors. RAG status, headline risks, and board-level recommended actions — without operational detail. Designed to be read in 90 seconds.
Operations / System Owners
System-level risk scores, evidence tasks, workflow assignments, EU AI Act classifications, and AutoDiscover alerts. Every AI system in your estate with its current governance status. Shadow AI flagged automatically when discovered.
The platform in use
When Sentinel closes, Citadel is pre-populated with your complete AI inventory, risk scores, and compliance assessments. You log in to a live system — not an empty dashboard.
ROGS score, open findings, portfolio ROI, active alerts, and attention-required flags. The complete governance picture.
£35.4M projected benefit, £6.8M projected cost, +359.4% portfolio ROI. Updated automatically every month.
Every system — including those discovered by AutoDiscover. Risk tier, EU AI Act classification, shadow AI flags, and last assessed date.
AI use cases by business function, regulatory classification, and governance status. EU AI Act high-risk classifications tracked live.
AutoDiscover — continuous, not one-off
AutoDiscover runs continuously inside Citadel — scanning your cloud estate, SSO directory, and SaaS footprint weekly. Every new AI tool that appears in your organisation surfaces automatically, with a shadow AI flag if it wasn't onboarded through governance review.
Example AutoDiscover finding
ShadowScorer
Discovered via AutoDiscover scan of Azure AD. Third-party classifier. UNASSESSED.
Shadow AI — needs reviewSystems like this appear in organisations every week. Citadel surfaces them automatically before they become a governance incident.
Security & deployment
Infrastructure, access, and data handling that satisfies enterprise procurement and regulatory expectations.
| Infrastructure | Google Cloud Platform, europe-west2 (London). All data encrypted at rest and in transit using AES-256. |
| Access control | Role-based access control enforced at row level (PostgreSQL RLS). No user sees data outside their authorised scope. MFA enforced for admin roles. |
| Data residency | UK only. All data stored and processed in London region. GDPR-compliant by design. DPA provided as standard. |
| Uptime SLA | 99.5% monthly. P1 incident response in 15 minutes, 24/7. RTO 4 hours, RPO 1 hour. |
| Authentication | RS256 JWT. OIDC integration with Azure AD, Okta, Auth0, and Google Workspace. MFA required for Governance Lead and Admin roles. |
| Compliance docs | ISO 27001 alignment documentation available on request. DPA, security questionnaire, and procurement pack provided to qualified prospects. |
| Go-live | Live from Day 12 of Sentinel — pre-populated with your complete AI inventory and risk scores. Onboarding from prior assessments typically under one day. |
Citadel goes live at Day 12 of Sentinel, pre-populated with your entire AI estate. Start with a Sentinel Diagnostic to see what you're working with.
Fixed fee · No day-rate surprises · No commitment beyond the Diagnostic
