CORL /cor-al \ kôr′əl/ n.

The name CORL is derived from two words.
1. Correlation, as we correlate data about the security practices of third-party vendors to understand, model and mitigate threats through our tech-enabled managed services. 
2. Coral Reef
,
which is an analogy for our clients' third-party risk ecosystem and their interdependent relationships with vendors.

65,000+
vendors assessed
7,000+
vendor audits per year
100+
premier organizations managed

CORL’S VENDOR RISK MANAGEMENT SERVICES GET RESULTS.

WHY CORL?

We get results
by driving vendors to measurable risk reduction
Free up your team's resources and time
by letting us handle the heavy lifting
Rapid turnaround time
 for assessments
Scale your program
with our workflow engine and data on 65K+ vendors
Less cost and higher quality outcomes
than FTEs or tech solutions alone
Dashboard reporting
that business owners can understand

CORL'S VENDOR RISK MANAGEMENT PROCESS

Expert Team V2
1.
Research Team
  • Research Vendor Security Information
  • Monitor Vendors for Security Posture Changes
  • Analyze Data for Industry Trends
2.
Client Team
  • Understand Risk to Client
  • Present Risk Management Strategy
  • Manage Outcomes and Deliver Results
3.
Audit Team
  • Audit Evidence Against Standards
  • Analyze Vendor and Product Security
4.
Quality Team
  • Measure and Monitor Against SLAs
  • Perform Quality Review
  • Ensure VRM Process Integrity
5.
PMO Team
  • Track Remediation
  • Support Process & Client
  • Communicate with Vendor & Teams

CORL'S MANAGED SERVICES

Vrsm Icon

Vendor Risk Management (VRM)

Maars Icon

Managed Assessment Risk & Response Services (MARRS) for Vendors

Onsite Audits Icon

Onsite Audits

Inventory Management Icon

Business Associate Agreement Inventory Management

INTEGRATION WITH LEADING TECHNOLOGY SOLUTIONS

CORL’s tech-enabled managed services seamlessly integrate with industry-leading vendor risk management technology solutions including Governance, Risk and Compliance (GRC), cyber risk scoring, and third-party risk management automation platforms.

Technology solutions alone do not result in risk reduction. CORL’s strategic partnerships and integration points along with our managed services allow you to:

  • Leverage your investments in risk management technology solutions
  • Get results by combining technical solutions with CORL’s proven workflows, processes, people, and managed services
  • Scale your program and drive efficiencies through automation

WHAT SHOULD VENDORS EXPECT FROM A CORL ASSESSMENT?

  • Collaborative approach
  • Partnering with you to drive audit efficiencies across your customer base
  • Alignment with industry standard frameworks
  • Rapid turnaround on assessments to support sales cycles
  • Secure handling of your data and adherence to legal requirements
Quote Icon

CORL is a ‘force multiplier’ for our InfoSec Program. It is not possible for us to accomplish at this level, with this amount of efficiency, on our own. Even if we had an FTE... It would take a year or more, where CORL can do it in a month. We cannot reproduce this in-house.

– Information Security Leader
Quote Icon

From a dollars-and-cents perspective, we don’t have another application in place from a security standpoint that provides as much bang for the buck as CORL does.

– Information Security Operations Manager
Quote Icon

CORL is an excellent partner. Their data presentation was exceptional, and I like that they are leveraging the power of big data to make risk decisions and look at trends across different industries in healthcare, as there are things we may overlook or not know to focus on.

– Information Security Director
Quote Icon

The value of CORL is excellent. We have thousands of vendors - and how many we haven’t yet assessed, or need to follow-up with - to get that information strategically in our Quarterly Risk Profile and know where we are with our vendors is exceptional. We could not come close to doing this without CORL.

– Senior Security Analyst
Quote Icon

CORL is extremely valuable to us. We use them as an extension of our department. Our CORL team gives us the ability to assess vendors in a capacity we don’t have the depth on or team to perform from an FTE perspective.

– Quality and Risk Management Manager
Quote Icon

My description on CORL is that I can sleep well knowing my third-party risk is being managed.

– Director of Information Technology
Quote Icon

I sleep well at night knowing that we are not only compliant, but secure. I would give our security posture a year ago about a D to now an A+, and I think any assessor would be more than satisfied with what they see here now. I can only imagine the time and resources we would have to expend internally to do what your team at CORL does.

– Director of Information Technology
Quote Icon

I rate the value of CORL as a 5 out of 5. We don’t have the ability to do this in-house, period. The depth of work that is put into the process would requires us to have a few staff. It’s extremely valuable to have CORL and we definitely use CORL as an extension of our team. I simply cannot replace the amount of work and value CORL provides.

– Director of Information Security Compliance
Quote Icon

CORL is exceptionally valuable for an insanely great price point. Thinking about the work effort alone, I would have to double my team or lose my mind. I would need another 4- or 5-person team to manage the ~980 vendor relationships.

– Information Security Officer