CORL is doing a really good job working with our vendors to complete security risk assessments and it’s a key area that helps me not have to deal with the project management hassles to get stuff done. It takes time off our shoulders and we know you are going to stick with them and see it through to get it done. Overall CORL is a great value proposition for us.

CORL keeps our vendor security assessment process going even if our internal team’s priorities get shifted – it’s “priority proof” – that’s why I enjoy CORL. Because we can rest assured that our assessments are still moving.

Going for our HITRUST certification, the CORL vendor security risk management part is a key piece. It helps show our efforts with our vendors in remediation, and the findings from the CORL deliverables go into our Risk Register. CORL is a component of our overall process.

The CORL team is very good, and they do a good job with our vendors. CORL takes the struggles of following up with our vendors off of my plate.

We are really satisfied with the relationship, direction, and guidance CORL is providing. Our CORL Team is very responsive, very professional, and provides guidance to help us build and mature our TPRM program.

As a customer and as a vendor, CORL is consistent. Everyone is fantastic, works with us in a collaborative way.

Very satisfied with the CORL VSRM process and deliverables. CORL is quick to respond, has worked really well with our vendors for additional documents, and is quick to respond to our vendors. All of our interactions with CORL have been fantastic.

The value to me is from a risk management perspective. Knowing the partner we are signing has been vetted, we have confidence that everything is in place that needs to be. We don’t have enough personnel to do this work ourselves. We used to have to roll the dice; we didn’t have time. Now we don’t have to take that risk anymore.

CORL team is an extension of our team and helps us to successfully run our vendor risk management program. CORL team participation in our vendor risk management program helps us to pass audits when we produce evidence of assessments. Overall the value of CORL continues to be excellent for the last six years.

By having CORL involved we were able to adhere to a risk program requirement and complete it within the timeframe necessary. Value at the program level allows us as a team to complete required activities and an overall program for the risk management team, and prep for the future. Very valuable.

Working with CORL for VSRM is a 1,000 times improvement compared to what we were doing. We would do the one-time assessment but no follow-up unless there was a purchasing trigger, and we had a big gap in how we were meeting the regulatory expectations. It’s a much more cost-effective way of doing the initial and the re-assessments. The CORL Team works hard to identify true risk and get to true risk reduction

The CORL value provides is tremendous. We would have to hire several FTEs to manage this. And even then there is industry turnover we would have to deal with. By using CORL, it’s just there: the training is already done on your side, the process, the flow.

My description on CORL is that I can sleep well knowing my third-party risk is being managed.

Everyone understands in our health system understands the value of CORL. We have canceled contracts and not proceeded with vendors based on the security risk assessment results. Now we have our Business asking to run a CORL review before they buy.

The CORL VSRM Team is very responsive and open to feedback. They look to incorporate feedback around additional metrics and tracking and increased focus on delivery and execution. The level of granularity helps us understand any potential issues in the Business Units. I appreciate that extra help and additional info and collaboration regarding the Cyber Threat Intelligence Team.

Value is the CORL team helping us with the vendor security reviews, getting them completed,  freeing us up to focus on internal processes. It’s a staff augmentation to our team and it’s needed.

We feel a true partnership with CORL. I can’t emphasize that enough. CORL is an extension of my team. They get clarification from me, but they know my thought process. I’m covering this role as CISO because we have open positions, and CORL’s assistance makes my life easier.