BLOG

The Power of Existing Data for Vendor Risk Assessments

Blog Post by Siobhan Hunter, Vice President of Strategic Solutions at CORL Technologies

Far too many third-party risk management programs rely upon assessment models that start from scratch with assessing products and vendors as they get processed through standard procurement cycles. The mean time to complete a vendor assessment from scratch takes over 27 days, which includes vendor response cycles, clarifications, and validation of information provided.

Security, compliance, and risk teams are under pressure from procurement and business stakeholders to quickly validate and approve vendors for operations. Taking over a month to comprehensively assess a single vendor or product is simply too long for enterprises operating in high change cycles in 2021.

What if it was possible to access completed vendor risk assessments and take advantage of the most recent and up-to-date vetting and validated vendor risk intelligence without having to start from scratch every time? Sounds good right?

CORL has developed a proprietary data clearinghouse that provides you with access to assessment results of the over 70,000 vendor assessments we have already conducted.

Each year, CORL conducts thousands of vendor risk assessments on behalf of our clients. Chances are very high that we have already assessed a substantial portion of your existing and new vendors from a security, risk, and compliance perspective.

CORL’s data clearinghouse is designed to leverage previous questionnaire responses for new client assessments. Upon assessment request, CORL looks to see if the vendor has been assessed before. If so, the vendor has the option to explicitly approve the use of previously provided data for the assessment. Upon approval, the populated questionnaire is sent to the vendor for review and update for any changes that have occurred. Any client-specific questions are also sent for response.

The optimization of assessment data reduces the burden and cost on over-stretched security, risk, and compliance teams while also delivering assessment results in record time. The process also speeds up the assessment response times for vendors who must process a mountain of redundant risk assessment requests from their customer base.

Contact our team here at CORL to learn more our assessment data clearinghouse and how we can accelerate your program response time and reduce costs for assessing your vendor portfolio.

Most Recent Posts
Change Healthcare Cyber Attack: Implications for Third-Party Incident Response in Healthcare Cybersecurity Read More
Do You Understand Your Vendors' SOC 2 Reports? Read More
The Unintended Risks of Third-Party Cybersecurity Questionnaires  Read More