The end of the vendor security questionnaire is here.

CORL Cleared differs from a traditional vendor security questionnaire or assessment in four important ways.

First, it is radically simpler. Instead of surfacing hundreds of controls, CORL Cleared focuses on less than 20 key requirements. These requirements are actually correlated to security posture.

Second, it builds upon established assurances and efforts that a vendor is already doing. In this way, it empowers vendors to affirm their posture and to focus their efforts on things that actually reduce risk.

Third, by their nature, vendor security questionnaires are defined by providers, with high variance from one provider to the next. By contrast, CORL Cleared was shaped by the input of healthcare organizations and their vendors with an eye on standardization across the healthcare ecosystem.

Fourth, placement in the contract lifecycle > before the buyer in market even starts the contracting process, and can also extend long beyond to strengthen the loyalty and longevity of your contracts.

We acknowledge that cyber ratings are a valuable tool in the toolbelt, but may not uncover key operational nuances in a vendor's security posture. CORL Cleared™ is different from cyber ratings in a number of ways.  
 
Most notably, a cyber rating is a passive mechanism that—while helpful—does not address the difficult operational challenges at the heart of TPRM. By contrast, CORL Cleared™ focuses on risk as a continuous measure, empowering vendors and their customers to define a pathway that makes sense for their businesses.
 
In addition, the CORL Cleared™ methodology is rooted in collaboration from both sides of the contract and is tightly aligned with healthcare’s cybersecurity requirements.  

CORL Cleared™ includes <20 key requirements that are proven to have an actual correlation to risk. These requirements are less invasive than a typical vendor security questionnaire, but they are also more effective.  
 
As an example, organizations that have completed a recent penetration test are significantly less likely to suffer a breach. To learn about all of the requirements and the CORL Cleared™ approach to strengthening vendor posture, contact a member of our team.  

CORL Cleared™ is the only solution on the market that goes beyond merely identifying remedial actions, and actually assists vendors in their journey to enhance cybersecurity posture. Together with our sister company, Meditology, we have developed a subscription-based cybersecurity program that brings greater coordination and continuity to your cybersecurity efforts and delivers strategic support to guide you along our journey. Because of our deep knowledge in healthcare cybersecurity and ability to offer access to acclaimed practitioners in this area, CORL is the ideal partner for not only alleviating the burden of TPRM for vendors, but also enhancing their cybersecurity posture over time. 
 
We believe that rigor and realism have to go hand-in-hand, which is why a core aspect of the CORL Cleared™ methodology is bringing vendors and clients together to map out a journey that enables them to work together while pursuing cybersecurity excellence over time. 

Yes, both CORL and Meditology have a long track record serving some of healthcare’s largest, most security-conscious payors and providers. Our clients recognize that TPRM is broken and unsustainable in its current state and have confidence that the CORL Cleared™ model delivers on all of the characteristics needed to solve the problem for everyone involved.  
 
CORL Cleared™’s approach is architected to meet H3PT’s six key requirements, which were developed through rich collaboration between payors, providers, and vendors. H3PT is a collaborative, neutral, non-profit forum chartered to bring stakeholders together in defining key requirements for the future of TPRM. CORL Cleared™ is the first solution on the market to operationalize these requirements in a way that is achievable for real stakeholders like you. 

Our CORL Cleared™ journey provides vendors with a rapid, frictionless approach to affirm their security posture and position themselves for contracting in healthcare. After accessing the CORL Cleared Vendor Portal, you will be invited to complete a simple, risk-aligned question set focused on our <20 requirements. Based on your results, we’ll give you a sense of where you stand relative to healthcare’s contracting requirements and map a pragmatic approach to get you ready to contract.  
 
Vendors who meet the CORL Cleared™ criteria are entered into the CORL Cleared™ Vendor Directory, where they can be easily found by members of the CORL Client Community. In addition, vendors are provided tools to share and showcase their CORL Cleared™ status to non-CORL Clients in the broader healthcare ecosystem.