CORL Technologies Seeks to Create Sea Change in Healthcare Industry to End the Unsustainability of TPRM
Company launches new third-party risk management program, CORL Cleared, that sets the gold standard for vendors to proactively prove their security posture and removes the need for multiple assessments
Healthcare organizations and vendors are overburdened with the status quo third-party risk management (TPRM) assessment approach, comprised of disparate questionnaires, an unnecessarily complex and overcrowded tool landscape, and exchanges and scorecards that are better at creating confusion than managing risk. The legacy approach to TPRM is time-consuming for both healthcare organizations and vendors, puts too much burden on organizations to prove their vendors’ security posture, and at the end of the day, is ineffective at mitigating risk. CORL Technologies, the leading provider of third-party risk management solutions for healthcare, introduces CORL Cleared to solve this problem of scale and unsustainability for the industry at large.
CORL Cleared builds upon the collective efforts of widely respected assurance frameworks to provide a new way to streamline the TPRM process by distilling multi-hundred question questionnaires and confusing document exchanges into a small set of key requirements that genuinely matter as indicators of the vendor’s security posture. Upon completion, it demonstrates a vendor is suitable for contracting and radically accelerates the contracting timeline without sacrificing due diligence.
“The challenge with TPRM is that there are too many lengthy and time-consuming assessments for both healthcare organizations and vendors to process. Everyone is overwhelmed, future risk is not necessarily being mitigated, and none of the stakeholders are fully satisfied,” says CORL Technologies CEO and Founder Cliff Baker. “The healthcare industry is in need of a sea change. At CORL, we believe that rigor and velocity need not come at the expense of one another, and we are committed to reducing friction in the TPRM process for all parties involved. We are similarly focused on making sure risk evaluation drives risk reduction. Our CORL Cleared methodology gets us closer to both of these goals.”
Typically, TPRM validation requires 300+ vendor-attested controls or cobbling together a patchwork of security scores and vendor-provided documents. CORL Cleared requires vendors to provide evidence on a small set of security requirements, such as security certifications, cyber liability insurance, and routine penetration testing. CORL Cleared serves as a clearinghouse for clients by examining this evidence, ensuring it meets an acceptable standard, and providing an easily understood risk rating.
Vendors validated through CORL Cleared must continually hit regular milestones on the key requirements to affirm their continued security posture. As long as the vendor continues to stay current, they are “cleared” to skip through security diligence and enter contract negotiations with any CORL Clients. No more multiple assessments. No more exchanges. Clients simply check the database to see if a vendor and/or product are CORL Cleared.
At HIMSS 2023, CORL Technologies’ CEO and Founder, Cliff Baker, and HCA Healthcare’s Chief Product Security Officer, Matthew Webb, will host an Afternoon Break titled TPRM is Broken. Details are as follows:
Tuesday, April 18
3:00 – 4:00 pm
McCormick Place – West Building
Level 4, Room W474
Those interested are required to RSVP as space is limited. Learn more and register here.
About CORL Technologies
CORL is a leading provider of vendor risk management solutions for the healthcare industry. CORL gets results by scaling organizational and vendor risk programs through our healthcare vendor risk clearinghouse solution, dashboard reporting that business owners can understand, and proven workflows that drive measurable risk reduction.
For more information, visit https://corltech.com/corlcleared/