Leveraging vendor risk intelligence, CORL conducts thousands of cost effective vendor assessments based on industry standards (e.g., HITRUST, NIST, PCI, ISO). This process includes:
- CORL begins our vendor risk assessment process with an informative pre-assessment that is delivered within in 72 hours. This pre-assessment provides informative data about a vendor’s security practices that can be used during a RFP process or in response to a contract situation with very tight timeframes.
- CORL follows the pre-assessment by issuing a security questionnaire to the vendor. The questionnaire is based on standards such as NIST and HITRUST and can be customized for each client’s proprietary requirements..CORL also requests documentation from the vendor that provides assurance about the controls that they claim to have in place.
- CORL will review all documentation received from the vendor and will provide formal documentation to the client that summarizes the analysis and provides a related risk score. Recommendations are provided for each identified risk.
"CORL gives us an external and unbiased view of what is going on, and the value of that has triggered good conversations internally around vendor contracts. Thanks to CORL’s knowledge base, we know what to include, what to require, and how to be more clear with what we need from our vendors."
- Prestigious Award-winning Nationwide Specialty Provider