CORL /cor-al \ kôr′əl/ n.
The name CORL is derived from two words.
1. Correlation, as we correlate data about the security practices of third-party vendors to understand, model and mitigate threats through our tech-enabled managed services.
2. Coral Reef, which is an analogy for our clients' third-party risk ecosystem and their interdependent relationships with vendors.
CORL’S VENDOR RISK MANAGEMENT SERVICES GET RESULTS.
We get results
by driving vendors to measurable risk reduction
Free up your team's resources and time
by letting us handle the heavy lifting
Rapid turnaround time
Scale your program
with our workflow engine and data on 79K+ vendors
Less cost and higher quality outcomes
than FTEs or tech solutions alone
that business owners can understand
CORL'S VENDOR RISK MANAGEMENT PROCESS
- Research Vendor Security Information
- Monitor Vendors for Security Posture Changes
- Analyze Data for Industry Trends
- Understand Risk to Client
- Present Risk Management Strategy
- Manage Outcomes and Deliver Results
- Audit Evidence Against Standards
- Analyze Vendor and Product Security
- Measure and Monitor Against SLAs
- Perform Quality Review
- Ensure VRM Process Integrity
- Track Remediation
- Support Process & Client
- Communicate with Vendor & Teams
CORL'S MANAGED SERVICES
Vendor Risk Management (VRM)
Managed Assessment Risk & Response Services (MARRS) for Vendors
Business Associate Agreement Inventory Management
INTEGRATION WITH LEADING TECHNOLOGY SOLUTIONS
CORL’s tech-enabled managed services seamlessly integrate with industry-leading vendor risk management technology solutions including Governance, Risk and Compliance (GRC), cyber risk scoring, and third-party risk management automation platforms.
Technology solutions alone do not result in risk reduction. CORL’s strategic partnerships and integration points along with our managed services allow you to:
- Leverage your investments in risk management technology solutions
- Get results by combining technical solutions with CORL’s proven workflows, processes, people, and managed services
- Scale your program and drive efficiencies through automation
WHAT SHOULD VENDORS EXPECT FROM A CORL ASSESSMENT?
- Collaborative approach
- Partnering with you to drive audit efficiencies across your customer base
- Alignment with industry standard frameworks
- Rapid turnaround on assessments to accelerate sales cycles
- Secure handling of your data and adherence to legal requirements
CORL is doing a really good job working with our vendors to complete security risk assessments and it’s a key area that helps me not have to deal with the project management hassles to get stuff done. It takes time off our shoulders and we know you are going to stick with them and see it through to get it done. Overall CORL is a great value proposition for us.
The CORL team is very good, and they do a good job with our vendors. CORL takes the struggles of following up with our vendors off of my plate.
CORL is an excellent partner. Their data presentation was exceptional, and I like that they are leveraging the power of big data to make risk decisions and look at trends across different industries in healthcare, as there are things we may overlook or not know to focus on.
The value of CORL is excellent. We have thousands of vendors - and how many we haven’t yet assessed, or need to follow-up with - to get that information strategically in our Quarterly Risk Profile and know where we are with our vendors is exceptional. We could not come close to doing this without CORL.
CORL is extremely valuable to us. We use them as an extension of our department. Our CORL team gives us the ability to assess vendors in a capacity we don’t have the depth on or team to perform from an FTE perspective.
My description on CORL is that I can sleep well knowing my third-party risk is being managed.
I sleep well at night knowing that we are not only compliant, but secure. I would give our security posture a year ago about a D to now an A+, and I think any assessor would be more than satisfied with what they see here now. I can only imagine the time and resources we would have to expend internally to do what your team at CORL does.
I rate the value of CORL as a 5 out of 5. We don’t have the ability to do this in-house, period. The depth of work that is put into the process would requires us to have a few staff. It’s extremely valuable to have CORL and we definitely use CORL as an extension of our team. I simply cannot replace the amount of work and value CORL provides.
CORL is exceptionally valuable for an insanely great price point. Thinking about the work effort alone, I would have to double my team or lose my mind. I would need another 4- or 5-person team to manage the ~980 vendor relationships.