BLOG

Fielding hundreds of security questions from dozens of customer risk assessments can take weeks and sometimes months to address. Getting the right information from the business, the security team, and certain IT specialists and translating that into the customer's specific requests can grind the sales cycle to a halt.

Any delays in the sales process can jeopardize your ability to close and impact hitting sales targets. With the onslaught of cyberattacks targeted at the supply chain, the volume of security assessments and questionnaires is only going to increase.

What if answering security questionnaires became a competitive advantage for your organization rather than a burden? Here are some ways in which CORL has designed a managed service and technology that can streamline questionnaire responses and reduce turnaround times for customer security questionnaire responses. We call this service our Managed Assessment Risk & Response Service, or MARRS for short.

Maintain a Standardized Profile

It may seem like every customer has their own independent set of security questions every time out. However, even though the wording and terminology may vary from assessment to assessment, most security questions revolve around a finite set of well-established security controls and domains.

CORL has designed a model to help vendors servicing healthcare entities to answer a comprehensive set of security and risk questions. There is a one-time lift to get the answers in place and then some minimal effort over time to keep those answers up to date for the organization and associated products. Having the answers prepped in advance and queued up in an automated tool for response drastically cuts down response time for each assessment.

Align with Industry Standards and Regulations

Many security questionnaires are either formally or loosely based on a combination of industry standards and regulatory requirements. CORL has designed our risk response model to map and align to controls for the most commonly used standards including NIST, SIG, ISO, and others. We are also healthcare focused and have questionnaire responses mapped to regulatory requirements impacting healthcare including HIPAA, HITECH, and PCI-DSS.

Many of the requirements in these standards overlap with one another and a subset of answers can be prepared that maps back to each framework. This allows our customers to maintain answers to the smallest amount of questions while still addressing all the major frameworks and regulatory requirements, which drives significant efficiencies and time savings.

Be Prepared to Answer the Most Frequently Asked Questions

CORL manages vendor risk assessments for over a hundred healthcare organizations; we know what questions the customers need addressed and the relative priority of certain security controls over others. Any assessment response program should prioritize preparing and maintaining answers for the security control areas that are most important  to the customer.

Automate the Process

The trick to gaining efficiencies in responses is to pre-populate responses and conduct mapping to standards frameworks ahead of time. This allows you to automate the population of responses without having to manually look them up every time a new assessment comes in. CORL's automated workflow technology performs this function at scale.

Implement Checks and Balances

CORL's process includes quality assurance checks with your team prior to responding to any assessments. This allows us to do the heavy lifting of teeing up the most appropriate answers to the customers questions while still allowing the organization to review and validate responses before sending them back to the customer.

This allows for maximum flexibility in responses and tailoring of answers to address the specific needs of the customer without having to recreate new survey responses from scratch. Providing personalized responses that speak the same language as the client can be a major sales differentiator.

What Our Customers Are Saying

“We’ve been really happy to know that CORL is there for us - to ask questions about industry changes and what might be coming up, and knowing you have the knowledge. Working with the CORL security assessment questionnaire response has improved our security program and helped us better understand what the industry and our clients are looking for in controls and policies and procedures.”

- Director of e-Business & Information Security, Healthcare Data Analytics Company

“The CORL MARRS Service helps us with our process and is cost-effective because it allows us to organize our responses and our thoughts. We are getting tremendous value out of our investment. Very comfortable with the value and with the services.”

- President, Emergency Company Servicing Healthcare

Reel in the Deals

Security assessment are all about building trust between organizations. Organizations that can quickly respond to assessments with a high degree of accuracy and quality relative to the specific areas requested will rapidly accelerate the establishment of trust on the security front.

You can read more about CORL’s MARRS service in our infographic, Mayday! Mayday! Incoming Security Questionnaires.

Contact our team here at CORL if you are struggling to keep up with the volume and burden of responding to customer security risk questionnaires. There is a better way and we have built it. Let us take the heavy lifting off your plate and help you make security responses a major advantage in the sales cycle.