CORL Solution

Leveraging vendor risk intelligence, CORL conducts thousands of cost effective vendor assessments based on industry standards (e.g., HITRUST, NIST, PCI, ISO). This process includes:

  1. CORL begins our vendor risk assessment process with an informative pre-assessment that is delivered within in 72 hours. This pre-assessment provides informative data about a vendor’s security practices that can be used during a RFP process or in response to a contract situation with very tight timeframes. 
  2. CORL follows the pre-assessment by issuing a security questionnaire to the vendor.  The questionnaire is based on standards such as NIST and HITRUST and can be customized for each client’s proprietary requirements..CORL also requests documentation from the vendor that provides assurance about the controls that they claim to have in place.
  3. CORL will review all documentation received from the vendor and will provide formal documentation to the client that summarizes the analysis and provides a related risk score.  Recommendations are provided for each identified risk. 

NEXT STEP: Managing Vendors