BLOG

Regs on the Radar: Emerging Supply Chain Regulations & Standards

Recent high-profile supply chain attacks have heightened awareness of third-party vendor cybersecurity and privacy risks on a global scale. However, breaches and vulnerabilities in the supply chain have been on the radar for several years and have led to the development of slew of new regulations and standards. In this blog post, we will give a quick rundown of some of the latest regulations, standards, and guidance targeting supply chain risks from a federal and global standpoint. Read More

Everyone Wins | The Case for Collaboration with Vendors

Vendors can sometimes be treated less like business partners and more like adversaries for some third-party risk programs. This confrontational approach, however, often leads to breakdowns in communication that can impede the shared business objectives between customers and clients for driving down information security risks for all parties involved. Read More

The Power of Existing Data for Vendor Risk Assessments

Far too many third-party risk management programs rely upon assessment models that start from scratch with assessing products and vendors as they get processed through standard procurement cycles. The mean time to complete a vendor assessment from scratch takes over 27 days, which includes vendor response cycles, clarifications, and validation of information provided. Read More

SolarWinds Cyberattack Exposes Supply Chain Risks

A groundbreaking cyberattack against the Texas-based IT network solutions provider SolarWinds has resulted in unauthorized access to a wide range of government and private sector organizations. The extent, scale, and impact of the attack are still being assessed; however, initial indications are that the attack will have lasting security impacts for months and possible years to come. Read More

Explaining CORL's Processes to Vendors

CORL provides a unique and innovative model for managing third-party risk. However, there are wide range of vendor assessment technologies and solutions on the market including cyber risk scoring tools, GRCs, automated questionnaires, vendor exchanges, and more. This diversity of solutions has generated confusion for some vendors that are trying figure out how and where CORL fits into the picture with supporting your vendor risk program. Read More

Securing the Healthcare Data Supply Chain

CORL Technologies CEO Cliff Baker recently had the opportunity to deliver a presentation alongside leadership from the Office for Civil Rights (OCR) on the state of HIPAA Security Rule compliance and risk management for third-party Business Associate vendors servicing the healthcare industry. The breach data and enforcement updates supplied by OCR reinforced his perspective on the paradigm shift currently underway for healthcare delivery in the migration of critical business functions to third-party cloud-based platforms. Read More

Optimizing the Human in Third-Party Risk Management

Security and risk teams have been overwhelmed by the tsunami of requests for vendor security risk assessments as the digital health movement continues to shift data to third-party platforms. Constraints on human capital and time have never been tighter. Leading organizations are looking for ways to focus their teams on true risk management activities rather than perpetually collecting and formatting risk data. Information security and risk leaders have turned to technology and automation to help keep pace with this unprecedented demand for third-party security assessments. Read More