The end of the vendor security questionnaire is here.

Yes, you read that right.

Over the years, CORL has assessed enough vendors to know that the vendor security questionnaire isn’t the way of the future. And now, we’re happy to be the ones to send it on its way, together.

Meet CORL Cleared™, a simple risk methodology that eliminates questionnaires, accelerates deal velocity, rewards your existing security efforts, and already has the support of healthcare’s largest providers.

Sweet music to my ears!
Send me more information.

CORL Cleared is the most worthwhile investment you’ve ever made.

End the madness.

Put an end to countless controls, redundant questions, and backbreaking volume with <20 requirements that are based on the things that actually matter to your customers.

Work once, win everywhere.

Complete the CORL Cleared journey once, then use your status to prove your security posture, accelerate all of your deals, and predict your forecasts with total confidence.

Grow your healthcare business.

Increase your visibility and access new opportunities through the CORL Cleared vendor network, which makes it easy for hospitals to find you (and know you care about security).

Get back to your core competency.

Free your sales team from red tape and free your cybersecurity team from paperwork so that everyone can focus on moving your business forward.

Stop with all the assessments.

The questionnaire’s demise, before your very eyes.

CORL Cleared is about empowering vendors and their customers… starting now. Watch our explainer below to learn more.

Your customers will love it.
You’ll love it even more.

CORL Cleared was developed in direct response to the feedback of vendors and the healthcare organizations they serve. Here is what they had to say.

If a vendor met the CORL Cleared requirements, I would feel no need to assess them.”

– CISO, Top 100 Healthcare Provider

It’s a breath of fresh air, and it actually improves our security posture along the way.”

– Sales Director, Fortune 500 HealthTech Company

For once, you ask the questions.

How does CORL Cleared differ from an assessment?

CORL Cleared differs from a traditional vendor security questionnaire or assessment in four important ways.

First, it is radically simpler. Instead of surfacing hundreds of controls, CORL Cleared focuses on less than 20 key requirements. These requirements are actually correlated to security posture.

Second, it builds upon established assurances and efforts that a vendor is already doing. In this way, it empowers vendors to affirm their posture and to focus their efforts on things that actually reduce risk.

Third, by their nature, vendor security questionnaires are defined by providers, with high variance from one provider to the next. By contrast, CORL Cleared was shaped by the input of healthcare organizations and their vendors with an eye on standardization across the healthcare ecosystem.

Fourth, placement in the contract lifecycle > before the buyer in market even starts the contracting process, and can also extend long beyond to strengthen the loyalty and longevity of your contracts.

How does CORL Cleared differ from cyber ratings?

We acknowledge that cyber ratings are a valuable tool in the toolbelt, but may not uncover key operational nuances in a vendor's security posture. CORL Cleared™ is different from cyber ratings in a number of ways.  
Most notably, a cyber rating is a passive mechanism that—while helpful—does not address the difficult operational challenges at the heart of TPRM. By contrast, CORL Cleared™ focuses on risk as a continuous measure, empowering vendors and their customers to define a pathway that makes sense for their businesses.
In addition, the CORL Cleared™ methodology is rooted in collaboration from both sides of the contract and is tightly aligned with healthcare’s cybersecurity requirements.  

What types of indicators does CORL Cleared include?

CORL Cleared™ includes <20 key requirements that are proven to have an actual correlation to risk. These requirements are less invasive than a typical vendor security questionnaire, but they are also more effective.  
As an example, organizations that have completed a recent penetration test are significantly less likely to suffer a breach. To learn about all of the requirements and the CORL Cleared™ approach to strengthening vendor posture, contact a member of our team.  

What if we don’t meet all of the requirements?

CORL Cleared™ is the only solution on the market that goes beyond merely identifying remedial actions, and actually assists vendors in their journey to enhance cybersecurity posture. Together with our sister company, Meditology, we have developed a subscription-based cybersecurity program that brings greater coordination and continuity to your cybersecurity efforts and delivers strategic support to guide you along our journey. Because of our deep knowledge in healthcare cybersecurity and ability to offer access to acclaimed practitioners in this area, CORL is the ideal partner for not only alleviating the burden of TPRM for vendors, but also enhancing their cybersecurity posture over time. 
We believe that rigor and realism have to go hand-in-hand, which is why a core aspect of the CORL Cleared™ methodology is bringing vendors and clients together to map out a journey that enables them to work together while pursuing cybersecurity excellence over time. 

Are my customers confident in the CORL Cleared approach?

Yes, both CORL and Meditology have a long track record serving some of healthcare’s largest, most security-conscious payors and providers. Our clients recognize that TPRM is broken and unsustainable in its current state and have confidence that the CORL Cleared™ model delivers on all of the characteristics needed to solve the problem for everyone involved.  
CORL Cleared™’s approach is architected to meet H3PT’s six key requirements, which were developed through rich collaboration between payors, providers, and vendors. H3PT is a collaborative, neutral, non-profit forum chartered to bring stakeholders together in defining key requirements for the future of TPRM. CORL Cleared™ is the first solution on the market to operationalize these requirements in a way that is achievable for real stakeholders like you. 

What does the CORL Cleared journey involve?

Our CORL Cleared™ journey provides vendors with a rapid, frictionless approach to affirm their security posture and position themselves for contracting in healthcare. After accessing the CORL Cleared Vendor Portal, you will be invited to complete a simple, risk-aligned question set focused on our <20 requirements. Based on your results, we’ll give you a sense of where you stand relative to healthcare’s contracting requirements and map a pragmatic approach to get you ready to contract.  
Vendors who meet the CORL Cleared™ criteria are entered into the CORL Cleared™ Vendor Directory, where they can be easily found by members of the CORL Client Community. In addition, vendors are provided tools to share and showcase their CORL Cleared™ status to non-CORL Clients in the broader healthcare ecosystem. 

Take the CORL Cleared journey and never look back.

© 2023 CORL Technologies, All rights reserved.