CORL leads the industry in tech-enabled managed services for vendor risk management and compliance. The company was founded in 2012 to address the need to achieve measurable risk reduction at scale through vendor intelligence, technology, and managed services.
OUR LEADERSHIP TEAM
CORL’s leadership team has decades of experience in the information security, compliance, and vendor risk management fields. Our seasoned team of experts has developed and managed third-party risk management programs for 100+ premier organizations across the country.
Our data on vendor security risk practices is unmatched. We have performed security assessments of over 65,000 vendors and have advanced analytics and workflow automation capabilities that deliver vendor intelligence, process efficiencies, cost reduction, and scale for our client’s third-party risk management programs.
CORL’s mission is driven by a spirit of collaboration. We bring together our customers, vendors, technology partners, and other industry stakeholders to achieve our shared objective of protecting sensitive information in the most efficient and cost-effective manner possible.
CORL serves clients across the country and is headquartered in Atlanta, GA.
We also maintain offices in Philadelphia, San Diego, Denver, Nashville, and India.
CORL is exceptionally valuable. Looking at the email traffic, I know if CORL wasn’t doing it, it would be me or another member of our team. The amount that it has freed us up to do other things, absolutely a 5 out of 5-star rating.
Everyone in our health system understands the value of CORL. We have cancelled contracts and not proceeded with vendors based on their security risk assessment results. Now we have our business asking to run a CORL review before they buy.
We are really able to scale our third-party monitoring now. Before CORL, we only performed assessments on new vendors or certain vendors we felt were high risk - very arbitrary. Now we have a much more structured approach on assessing our existing vendors - a part of our third-party risk management program that we hadn’t addressed before.