Quote Icon

We are going to tie our internal vendor risk rating to the CORL model. CORL gives us a clear picture of the security and risk profile for a vendor that we might not normally see. The CORL VSQ is much more in-depth and their audit translation into actual risk is beneficial.

– Senior Information Security Risk Analyst
Quote Icon

Value is definitely there; we don’t have the in-house resources to handle VSRM. (We are) very satisfied with our CORL Team and the way they work with our vendor business partners.

– Director, Information Security
Quote Icon

I’m satisfied. You guys are great. When you are working on the mutual customer side, the communication with me is great. You take the guesswork out of it for me and the follow-up is helpful to me – especially to a small business. The relationship has been valuable.

– Chief Technical Officer
Quote Icon

I don’t have to send the VSQs and do the audit and hold the calls, it’s a huge value because we aren’t staffed and that’s why we partner with you. I get constant updates (on) what is going on with my assessments, vendors who have not responded, (and) offers from CORL to help. Everything gets done the day of or (the) day before. Never had a miss.

– Cyber Security Analyst
Quote Icon

I like my team of CORL folks. I refer to them as “my team” when I communicate with vendors so they don’t brush them off: “This is my Team – reply to my team.” I’ve lost internal team members, we have so many things to tackle, and I can’t do this on my own. It’s invaluable to have CORL help. We keep renewing, we have a very good relationship, we have a great CORL team, and it’s a great service.

– Sr. Enterprise Application Security Analyst
Quote Icon

CORL is doing a really good job working with our vendors to complete security risk assessments and it’s a key area that helps me not have to deal with the project management hassles to get stuff done. It takes time off our shoulders and we know you are going to stick with them and see it through to get it done. Overall CORL is a great value proposition for us.

– Information Security Manager
Quote Icon

CORL keeps our vendor security assessment process going even if our internal team’s priorities get shifted – it’s “priority proof” – that’s why I enjoy CORL. Because we can rest assured that our assessments are still moving.

– Senior Info Security Analyst
Quote Icon

Going for our HITRUST certification, the CORL vendor security risk management part is a key piece. It helps show our efforts with our vendors in remediation, and the findings from the CORL deliverables go into our Risk Register. CORL is a component of our overall process.

– Chief Information Security Officer
Quote Icon

The CORL team is very good, and they do a good job with our vendors. CORL takes the struggles of following up with our vendors off of my plate.

– Chief Information Security Officer
Quote Icon

CORL’s work with our vendors is going very well. Thankfully the CORL team is very responsive and on top of things. The way CORL communicates with our vendors keeps them more accountable. Even the very first email laying out what CORL is doing on behalf of us sets the stage and drives accountability of our vendors to us.

– Manager of TPRM
Quote Icon

Working with CORL for VSRM is a 1,000 times improvement compared to what we were doing. We would do the one-time assessment but no follow-up unless there was a purchasing trigger, and we had a big gap in how we were meeting the regulatory expectations. It’s a much more cost-effective way of doing the initial and the re-assessments. The CORL Team works hard to identify true risk and get to true risk reduction

– Chief Information Security Officer
Quote Icon

The CORL value provides is tremendous. We would have to hire several FTEs to manage this. And even then there is industry turnover we would have to deal with. By using CORL, it’s just there: the training is already done on your side, the process, the flow.

– Manager, Information Security
Quote Icon

My description on CORL is that I can sleep well knowing my third-party risk is being managed.

– Director of Information Technology
Quote Icon

CORL is extremely valuable to us. We use them as an extension of our department. Our CORL Team helps us be able to assess vendors in a capacity we don’t have the depth on our team to do from an FTE perspective

– Quality and Risk Management Manager
Quote Icon

Everyone understands in our health system understands the value of CORL. We have canceled contracts and not proceeded with vendors based on the security risk assessment results. Now we have our Business asking to run a CORL review before they buy.

– IS Operations Manager
Quote Icon

The CORL VSRM Team is very responsive and open to feedback. They look to incorporate feedback around additional metrics and tracking and increased focus on delivery and execution. The level of granularity helps us understand any potential issues in the Business Units. I appreciate that extra help and additional info and collaboration regarding the Cyber Threat Intelligence Team.

– Sr. Director Third Party Risk Management
Quote Icon

Value is the CORL team helping us with the vendor security reviews, getting them completed,  freeing us up to focus on internal processes. It’s a staff augmentation to our team and it’s needed.

– Senior Security Controls Engineer
Quote Icon

We feel a true partnership with CORL. I can’t emphasize that enough. CORL is an extension of my team. They get clarification from me, but they know my thought process. I’m covering this role as CISO because we have open positions, and CORL’s assistance makes my life easier.

– Chief Information Security Officer
Quote Icon

CORL is exceptionally valuable for an insanely great price point. Thinking about the work effort alone, I would have to double my team or lose my mind. I would need another 4- or 5-person team to manage the ~980 vendor relationships.

– Information Security Officer