CORL /cor-al \ kôr′əl/ n.

The name CORL is derived from two words.
1. Correlation, as we correlate data about the security practices of third-party vendors to understand, model and mitigate threats through our tech-enabled managed services. 
2. Coral Reef
which is an analogy for our clients' third-party risk ecosystem and their interdependent relationships with vendors.

vendors assessed
vendor audits per year
premier organizations managed



We get results
by driving vendors to measurable risk reduction
Free up your team's resources and time
by letting us handle the heavy lifting
Rapid turnaround time
 for assessments
Scale your program
with our workflow engine and data on 79K+ vendors
Less cost and higher quality outcomes
than FTEs or tech solutions alone
Dashboard reporting
that business owners can understand


Research Team
  • Research Vendor Security Information
  • Monitor Vendors for Security Posture Changes
  • Analyze Data for Industry Trends
Client Team
  • Understand Risk to Client
  • Present Risk Management Strategy
  • Manage Outcomes and Deliver Results
Audit Team
  • Audit Evidence Against Standards
  • Analyze Vendor and Product Security
Quality Team
  • Measure and Monitor Against SLAs
  • Perform Quality Review
  • Ensure VRM Process Integrity
PMO Team
  • Track Remediation
  • Support Process & Client
  • Communicate with Vendor & Teams


Vrsm Icon

Vendor Risk Management (VRM)

Maars Icon

Managed Assessment Risk & Response Services (MARRS) for Vendors

Onsite Audits Icon

Onsite Audits

Inventory Management Icon

Business Associate Agreement Inventory Management


CORL’s tech-enabled managed services seamlessly integrate with industry-leading vendor risk management technology solutions including Governance, Risk and Compliance (GRC), cyber risk scoring, and third-party risk management automation platforms.

Technology solutions alone do not result in risk reduction. CORL’s strategic partnerships and integration points along with our managed services allow you to:

  • Leverage your investments in risk management technology solutions
  • Get results by combining technical solutions with CORL’s proven workflows, processes, people, and managed services
  • Scale your program and drive efficiencies through automation


  • Collaborative approach
  • Partnering with you to drive audit efficiencies across your customer base
  • Alignment with industry standard frameworks
  • Rapid turnaround on assessments to accelerate sales cycles
  • Secure handling of your data and adherence to legal requirements
Quote Icon

CORL is doing a really good job working with our vendors to complete security risk assessments and it’s a key area that helps me not have to deal with the project management hassles to get stuff done. It takes time off our shoulders and we know you are going to stick with them and see it through to get it done. Overall CORL is a great value proposition for us.

– Information Security Manager
Quote Icon

The CORL team is very good, and they do a good job with our vendors. CORL takes the struggles of following up with our vendors off of my plate.

– Chief Information Security Officer
Quote Icon

CORL is an excellent partner. Their data presentation was exceptional, and I like that they are leveraging the power of big data to make risk decisions and look at trends across different industries in healthcare, as there are things we may overlook or not know to focus on.

– Information Security Director
Quote Icon

The value of CORL is excellent. We have thousands of vendors - and how many we haven’t yet assessed, or need to follow-up with - to get that information strategically in our Quarterly Risk Profile and know where we are with our vendors is exceptional. We could not come close to doing this without CORL.

– Senior Security Analyst
Quote Icon

CORL is extremely valuable to us. We use them as an extension of our department. Our CORL team gives us the ability to assess vendors in a capacity we don’t have the depth on or team to perform from an FTE perspective.

– Quality and Risk Management Manager
Quote Icon

My description on CORL is that I can sleep well knowing my third-party risk is being managed.

– Director of Information Technology
Quote Icon

I sleep well at night knowing that we are not only compliant, but secure. I would give our security posture a year ago about a D to now an A+, and I think any assessor would be more than satisfied with what they see here now. I can only imagine the time and resources we would have to expend internally to do what your team at CORL does.

– Director of Information Technology
Quote Icon

I rate the value of CORL as a 5 out of 5. We don’t have the ability to do this in-house, period. The depth of work that is put into the process would requires us to have a few staff. It’s extremely valuable to have CORL and we definitely use CORL as an extension of our team. I simply cannot replace the amount of work and value CORL provides.

– Director of Information Security Compliance
Quote Icon

CORL is exceptionally valuable for an insanely great price point. Thinking about the work effort alone, I would have to double my team or lose my mind. I would need another 4- or 5-person team to manage the ~980 vendor relationships.

– Information Security Officer