CORL Vendor Portal Overview (Vendor Risk Management)

CORL is doing a really good job working with our vendors to complete security risk assessments and it’s a key area that helps me not have to deal with the project management hassles to get stuff done. It takes time off our shoulders and we know you are going to stick with them and see it through to get it done. Overall CORL is a great value proposition for us.

Everyone in our health system understands the value of CORL. We have cancelled contracts and not proceeded with vendors based on their security risk assessment results. Now we have our business asking to run a CORL review before they buy.

The value-add CORL brings is scalability to execute our VRM program. We need a partner because our internal teams can’t scale and be as robust as the CORL platform. CORL provides great customer service, is willing to work with us to continue to efficiency, and they provide quality reports and a view that our people can consume and take action on. Deliverables that identify the risk, that communicate to vendor and to the Business, and we can all do something about it.

For a long time I was one person trying to assess 60 vendors, leaving 20-30 vendors out due to time constraints or urgent matters. The CORL VRM services are invaluable to me because through them, I have a team to enable me to get my work done. Being able to have our VRM program in the state it is now would have been impossible without CORL.

We are really able to scale our third-party monitoring now. Before CORL, we only performed assessments on new vendors or certain vendors we felt were high risk - very arbitrary. Now we have a much more structured approach on assessing our existing vendors - a part of our third-party risk management program that we hadn’t addressed before.