Quote Icon

CORL is definitely a time saver for us and the value we get from the assessments we can take, incorporate, and move forward with the next steps for vendors. Trusted, knowledgeable, helpful. Overall, communication is good. CORL is raising the risks and non-responsiveness so we can escalate internally.

– Director of Risk Management
Quote Icon

CORL keeps our vendor security assessment process going even if our internal team’s priorities get shifted – it’s “priority proof” – that’s why I enjoy CORL. Because we can rest assured that our assessments are still moving.

– Senior Info Security Analyst
Quote Icon

Going for our HITRUST certification, the CORL vendor security risk management part is a key piece. It helps show our efforts with our vendors in remediation, and the findings from the CORL deliverables go into our Risk Register. CORL is a component of our overall process.

– Chief Information Security Officer
Quote Icon

We are really able to scale our third-party monitoring now. Before CORL, we only performed assessments on new vendors or certain vendors we felt were high risk - very arbitrary. Now we have a much more structured approach on assessing our existing vendors - part of our third-party risk management program that we hadn’t addressed before.

– Senior Risk and Compliance Manager
Quote Icon

We are really satisfied with the relationship, direction, and guidance CORL is providing. Our CORL Team is very responsive, very professional, and provides guidance to help us build and mature our TPRM program.

– Manager of TPRM
Quote Icon

As a customer and as a vendor, CORL is consistent. Everyone is fantastic, works with us in a collaborative way.

– Senior Director, IT Security Customer Management
Quote Icon

Very satisfied with the CORL VSRM process and deliverables. CORL is quick to respond, has worked really well with our vendors for additional documents, and is quick to respond to our vendors. All of our interactions with CORL have been fantastic.

– Security Analyst
Quote Icon

The value to me is from a risk management perspective. Knowing the partner we are signing has been vetted, we have confidence that everything is in place that needs to be. We don’t have enough personnel to do this work ourselves. We used to have to roll the dice; we didn’t have time. Now we don’t have to take that risk anymore.

– CFO
Quote Icon

CORL team is an extension of our team and helps us to successfully run our vendor risk management program. CORL team participation in our vendor risk management program helps us to pass audits when we produce evidence of assessments. Overall the value of CORL continues to be excellent for the last six years.

– Director of Information Security
Quote Icon

By having CORL involved we were able to adhere to a risk program requirement and complete it within the timeframe necessary. Value at the program level allows us as a team to complete required activities and an overall program for the risk management team, and prep for the future. Very valuable.

– Senior Information Risk Consultant
Quote Icon

Working with CORL for VSRM is a 1,000 times improvement compared to what we were doing. We would do the one-time assessment but no follow-up unless there was a purchasing trigger, and we had a big gap in how we were meeting the regulatory expectations. It’s a much more cost-effective way of doing the initial and the re-assessments. The CORL Team works hard to identify true risk and get to true risk reduction

– Chief Information Security Officer
Quote Icon

The CORL value provides is tremendous. We would have to hire several FTEs to manage this. And even then there is industry turnover we would have to deal with. By using CORL, it’s just there: the training is already done on your side, the process, the flow.

– Manager, Information Security
Quote Icon

My description on CORL is that I can sleep well knowing my third-party risk is being managed.

– Director of Information Technology
Quote Icon

CORL is extremely valuable to us. We use them as an extension of our department. Our CORL Team helps us be able to assess vendors in a capacity we don’t have the depth on our team to do from an FTE perspective

– Quality and Risk Management Manager
Quote Icon

Everyone understands in our health system understands the value of CORL. We have canceled contracts and not proceeded with vendors based on the security risk assessment results. Now we have our Business asking to run a CORL review before they buy.

– IS Operations Manager
Quote Icon

The CORL VSRM Team is very responsive and open to feedback. They look to incorporate feedback around additional metrics and tracking and increased focus on delivery and execution. The level of granularity helps us understand any potential issues in the Business Units. I appreciate that extra help and additional info and collaboration regarding the Cyber Threat Intelligence Team.

– Sr. Director Third Party Risk Management
Quote Icon

Value is the CORL team helping us with the vendor security reviews, getting them completed,  freeing us up to focus on internal processes. It’s a staff augmentation to our team and it’s needed.

– Senior Security Controls Engineer
Quote Icon

We feel a true partnership with CORL. I can’t emphasize that enough. CORL is an extension of my team. They get clarification from me, but they know my thought process. I’m covering this role as CISO because we have open positions, and CORL’s assistance makes my life easier.

– Chief Information Security Officer
Quote Icon

CORL is exceptionally valuable for an insanely great price point. Thinking about the work effort alone, I would have to double my team or lose my mind. I would need another 4- or 5-person team to manage the ~980 vendor relationships.

– Information Security Officer