INFOGRAPHIC: Assembling an Effective Vendor Security Risk Management Program
At CORL, we do things differently than other vendor security risk providers. Our unique workflow process and data engine enable us to deliver thousands of vendor assessments while maintaining quality. Granular metrics for every step of the vendor security risk assessment, from kickoff through data intake, audit, and reporting, are tracked for quality and timing.
To ensure quality and accurate reporting, each assessment is divided among various audit and assessment teams based on the type of vendor.
A client team lead is dedicated to each client to provide consistency and strategic oversight of the VSRM program and to ensure that the vendor submits appropriate documentation and evidence for review. The CORL audit team includes security specialists who review the vendor with relevant context, such as environments like cloud or offshore, and types of business like medical devices, HIE, or decision support vendors. A quality control team ensures all SLAs are met and the process is optimized. The CORL Project Management Office reports status and escalates per client preferences, all while handling the back-and-forth communication with all vendors.