Quote Icon

CORL is a ‘force multiplier’ for our InfoSec Program. It is not possible for us to accomplish at this level, with this amount of efficiency, on our own. Even if we had an FTE... It would take a year or more, where CORL can do it in a month. We cannot reproduce this in-house.

– Information Security Leader
Quote Icon

For a long time, I was one person trying to assess 60 vendors, leaving 20-30 vendors out due to my time constraints or urgent matters. The CORL VRM services are invaluable to me because through them, I have a team to enable me to get my work done. Being able to have our VRM program in the state it is now would have been impossible without CORL.

– Compliance Risk Manager
Quote Icon

As a Vice President and Security Officer, CORL's MARRS Service is valuable and has certainly made life easier for me. Before working with CORL, a lot of security compliance questionnaires were falling on me and taking a lot of my time.

– Vice President and Security Officer
Quote Icon

We are really able to scale our third-party monitoring now. Before CORL, we only performed assessments on new vendors or certain vendors we felt were high risk - very arbitrary. Now we have a much more structured approach on assessing our existing vendors - part of our third-party risk management program that we hadn’t addressed before.

– Senior Risk and Compliance Manager
Quote Icon

From a dollars-and-cents perspective, we don’t have another application in place from a security standpoint that provides as much bang for the buck as CORL does.

– Information Security Operations Manager
Quote Icon

We score big points with our Board, our Audit Committee, our auditors, and our risk assessment professionals by using CORL for an objective review of our vendors. Using CORL just takes the heat off of us with auditors and assessors and our cyber-security conscious Board - and frankly, this helps me sleep at night.

– Director of Compliance and Internal Audit
Quote Icon

CORL is a very good partner, their data presentation is great, and I like that they are leveraging the power of big data to make risk decisions and look at trends across different industries in healthcare, as there are things we may overlook or not know to focus on.

– Information Security Director
Quote Icon

The value of CORL is excellent. We have thousands of vendors - and how many we haven’t yet assessed, or need to follow-up with - to get that information strategically in our Quarterly Risk Profile and know where we are with our vendors is exceptional. We could not come close to doing this without CORL.

– Senior Security Analyst
Quote Icon

CORL is exceptionally valuable. Looking at the email traffic, I know if CORL wasn’t doing it, it would be me or another member of our team. The amount that it has freed us up to do other things, absolutely a 5 out of 5-star rating.

– Information Security Specialist
Quote Icon

The CORL VRM process and project management is exceptional. I have not worked with a vendor that has been so on top of it and so responsive. It takes a lot of stress off of us to not worry about how things are moving along - we can focus on what we hired CORL for and not worry about operational logistics.

– Workflow Coordinator
Quote Icon

CORL is extremely valuable to us. We use them as an extension of our department. Our CORL team helps us to assess vendors in a capacity we don’t have the depth on our team to do from an FTE perspective.

– Quality and Risk Management Manager
Quote Icon

Everyone in our health system understands the value of CORL. We have cancelled contracts and not proceeded with vendors based on their security risk assessment results. Now we have our business asking to run a CORL review before they buy.

– Information Security Operations Manager
Quote Icon

My description on CORL is that I can sleep well knowing my third-party risk is being managed.

– Director of Information Technology
Quote Icon

I sleep well at night knowing that we are not only compliant, but secure. I would give our security posture a year ago about a D to now an A+, and I think any assessor would be more than satisfied with what they see here now. I can only imagine the time and resources we would have to expend internally to do what our CORL team does.

– Director of Information Technology
Quote Icon

The value-add CORL brings is scalability to execute our VRM program. We need a partner because our internal teams can’t scale and be as robust as the CORL platform. CORL provides great customer service, is willing to work with us to continue to efficiency, and they provide quality reports and a view that our people can consume and take action on. Deliverables that identify the risk, that communicate to vendor and to the Business, and we can all do something about it.

– Director of Enterprise Information Security Office
Quote Icon

I rate the value of CORL a 5 out of 5. We don’t have the ability to do this in-house, period. The depth of work that is put into it would requires us to hire additional staff. It’s extremely valuable to have CORL, and we definitely use them as an extension of our team. I simply cannot replicate the amount of work CORL takes off of our plate.

– Director of Information Security Compliance
Quote Icon

A high-value part of the CORL VRM program is the follow through to completion. We didn’t have the time or resources to dig deep into the issues found. I see the value in the CORL's organized approach: listing out remediation items; communicating with our vendors; and then following-up with our vendors to dig into compensating controls, evidence of policy, etc.

– Senior Risk and Compliance Manager
Quote Icon

CORL is extremely valuable because a) you provide a service we would have a hard time doing ourselves as a small shop. You are an FTE augmentation, and I consider you my employees working on my behalf, so CORL becomes my team of ~100 people, and b) the CORL methodology and the thoroughness is very much in tune with my background in the financial services industry, where I built third-party assessment programs.

– Chief Information Security Officer
Quote Icon

CORL is exceptionally valuable for an insanely great price point. Thinking about the work effort alone, I would have to double my team or lose my mind. I would need another 4- or 5-person team to manage the ~980 vendor relationships.

– Information Security Officer