Each year, CORL conducts thousands of vendor risk assessments on behalf of our clients. We recognize that information security resources are frequently overtaxed, and vendors must often balance the cost of responding to questionnaires with customers’ requirements for due diligence and oversight.
Answering a security questionnaire can take a significant amount of time for scarce information security and IT resources. As a result, CORL offers an assessment Data Reuse Program to help vendors respond quickly to assessments, supporting prompt assessment turnaround times for your business.
CORL’s Assessment Data Reuse Program is designed to leverage previous questionnaire responses for new client assessment requests. The process is straightforward and includes the following steps:
- Vendor to complete an Initial Vendor Profile Questionnaire (IVPQ, approximately 25 questions)
- CORL will compare information on hand against scope information provided in the IVPQ
- If information is a match, CORL will obtain approval from the vendor to reuse the data
- A report using previous responses along with client-specific questions is sent to the vendor for review and update as necessary
- CORL will also leverage evidence (less than one year old or certifications that are still valid) previously provided by the vendor
- If prior evidence validation occurred via screen share, CORL will reperform the validation
Many clients and vendors find that data reuse significantly cuts down on turn-around times and minimizes sales and implementation delays.
We provide a quality assessment in an expedited timeframe, while reducing the assessment fatigue that many vendors experience. If you would like further information on this process, please do not hesitate to speak with your CORL Client Engagement Associate.
- Explaining CORL's Processes to Vendors