Citadel — AI governance that runs itself
Citadel keeps your governance programme live after Sentinel. ROGS score updated in real time, board scorecard generated automatically — without anyone preparing it.
The ROGS Score
Every Citadel client has a ROGS score — Risk and Operational Governance Score. A single composite number, 0–100, that measures your AI governance posture across four dimensions. The number your board tracks month-on-month.
ROGS turns AI governance from a status report into a measurable programme with a direction of travel. It links operational governance directly to financial and regulatory outcomes.
ROGS Score (illustrative figures)
Sector benchmark: 65
Role-based views
Citadel is built around five distinct views. Each one is calibrated to a different set of decisions — so the board sees governance posture and the CFO sees ROI.
Board / CEO
ROGS score, compliance position, key risks flagged, and recommended actions. Designed to be readable in 90 seconds before a board meeting. The view that ends the question "where do we stand on AI governance?"
CFO
Total projected benefit, actual spend, and realised ROI across every AI programme. Net projected value, portfolio ROI, and variance to plan. The number that goes to the investment committee — updated automatically every month.
Governance Lead
Active governance tasks, remediation actions, control implementation status, compliance deadlines, exception queue, and ownership assignments. The operational view that keeps the programme moving between board meetings.
Audit Committee / NED
Non-technical summary of AI governance posture for non-executive directors. RAG status, headline risks, and board-level recommended actions — without operational detail. Designed to be read in 90 seconds.
Operations / System Owners
System-level risk scores, evidence tasks, workflow assignments, EU AI Act classifications, and AutoDiscover alerts. Every AI system in your estate with its current governance status. Shadow AI flagged automatically when discovered.
Core modules
Each module governs a specific layer of the AI estate. Together they provide the inventory, evidence, scoring and reporting structure your board programme requires.
ROGS score, open findings, portfolio ROI, and active governance alerts — the complete picture across your AI estate. The view your CEO opens on Monday morning.
The live inventory of every AI system — owner, use cases, risk tier, approval status, vendor, and data flows. Updated automatically as new systems appear via AutoDiscover.
Risk scored in monetary terms — not traffic lights. Regulatory, operational and reputational exposure quantified per system and across the portfolio. Updated every month.
Approvals, evaluations, exception records, and control attestations — stored, timestamped, and auditable. The evidence layer that converts governance intent into governance fact.
Total projected benefit, actual spend, and realised ROI across every AI programme — automatically updated each month. The CFO's question answered on one screen.
Monthly board scorecards generated automatically — governance health, material issues, open actions, compliance status. Ready to present without manual preparation.
The platform in use
When Sentinel closes, Citadel is pre-populated with your complete AI inventory, risk scores, and compliance assessments. You log in to a live system — not an empty dashboard.
ROGS score, open findings, portfolio ROI, active alerts, and attention-required flags. The complete governance picture.
£35.4M projected benefit, £6.8M projected cost, +359.4% portfolio ROI. Updated automatically every month.
Every system — including those discovered by AutoDiscover. Risk tier, EU AI Act classification, shadow AI flags, and last assessed date.
AI use cases by business function, regulatory classification, and governance status. EU AI Act high-risk classifications tracked live.
AutoDiscover — continuous, not one-off
AutoDiscover runs continuously inside Citadel — scanning your cloud estate, SSO directory, and SaaS footprint weekly. Every new AI tool that appears in your organisation surfaces automatically, with a shadow AI flag if it wasn't onboarded through governance review.
Example AutoDiscover finding
ShadowScorer
Discovered via AutoDiscover scan of Azure AD. Third-party classifier. UNASSESSED.
Shadow AI — needs review
Systems like this appear in organisations every week. Citadel surfaces them automatically before they become a governance incident.
Security & deployment
Infrastructure, access, and data handling that satisfies enterprise procurement and regulatory expectations.
| Area | Details |
| --- | --- |
| Infrastructure | Google Cloud Platform, europe-west2 (London). All data encrypted at rest and in transit using AES-256. |
| Access control | Role-based access control enforced at row level (PostgreSQL RLS). No user sees data outside their authorised scope. MFA enforced for admin roles. |
| Data residency | UK only. All data stored and processed in London region. GDPR-compliant by design. DPA provided as standard. |
| Uptime SLA | 99.5% monthly. P1 incident response in 15 minutes, 24/7. RTO 4 hours, RPO 1 hour. |
| Authentication | RS256 JWT. OIDC integration with Azure AD, Okta, Auth0, and Google Workspace. MFA required for Governance Lead and Admin roles. |
| Compliance docs | ISO 27001 alignment documentation available on request. DPA, security questionnaire, and procurement pack provided to qualified prospects. |
| Go-live | Live from Citadel go-live — pre-populated with your complete AI inventory and risk scores. Onboarding from prior assessments typically under one day. |
What Citadel is not
There is a category of product that puts a clean interface on top of manual data entry and calls it AI governance. Citadel is not that. The distinction matters because governance without live system data degrades quickly — within weeks, the register is stale, the scores are wrong, and the board pack reflects a state of the organisation that no longer exists.
Built specifically for AI governance — not repurposed analytics software with governance labels applied.
Citadel is a live operating environment. The register updates, the scores update, the board pack generates automatically each month.
Policies without live system data are paperwork. Citadel connects policy obligations to the actual systems they govern.
Citadel is populated by Sentinel. The engagement close is the platform start — your registry, risk scores, and reporting baseline are already live on day one.
Regulatory & framework alignment
Citadel does not claim certification or guarantee compliance outcomes. It provides the governance mechanics and evidence structure that make compliance demonstrable.
EU AI Act
Risk classification, Article 9 controls, FRIA support, human oversight documentation, and obligation tracking.
ISO 42001
AI management system structure, policy mapping, evidence requirements, and control documentation aligned to the standard.
FCA / SM&CR
Senior manager accountability mapping, Consumer Duty evidence, model risk governance, and operational resilience documentation.
NIST AI RMF
Govern, Map, Measure and Manage functions supported across the platform — structured for organisations using NIST as their primary AI risk framework.
Citadel goes live at Sentinel close, pre-populated with your entire AI estate. Start with a Sentinel Diagnostic to see what you're working with.
Talk to us
30 minutes with Declan or Austin. No sales deck. No obligation.
Start with Sentinel
Citadel goes live at Sentinel close. See how the engagement works first.
Read first
From Hidden Use to Defensible Control. Free PDF — no registration.
Live from engagement close · Monthly board reporting · Automated · Always on