After you submit a request for a new vendor assessment, CORL creates a vendor security questionnaire (VSQ) and submits it to the vendor for completion.
The vendor then needs to complete the questionnaire and provide the requested evidence.
Some vendors are reluctant to complete the questionnaires and we may ask for your assistance in compelling the vendor to complete the questionnaire. If you see Escalated Assessments in the Command Center, you need to take action with the vendor. For more information, see Command Center.
Reminder: You can view the status of the assessment in the Assessment Overview page. For more information, see View the Assessments Queue.
After the vendor completes the assessment, CORL will review the vendor's responses and prepare an Executive Summary assessment report. We'll talk more about the report in the next topic.
If we identify medium or high risks, you can decide if you want the vendor to remediate the risk.
If you proceed with remediation, CORL will start a new process with the vendor to remediate the risks. It can be quite an extensive process, depending on what the vendor needs to do to remediate risk. You can read more about the process here:
After the vendor completes remediation, CORL will update the Executive Summary report with new scores that reflect the vendor's completed remediation.
One last thing. Every Executive Summary report contains a vendor Collaboration Score that lets you see exactly how well the vendor collaborated on completing the assessment. We think that's pretty special.
Let's move on and take an in-depth look at your first Executive Summary report.
Comments
Please sign in to leave a comment.