Now that you have the first Executive Summary report, let's walk through it so you understand how to read the report.
You've probably been looking around the Client Portal and wondering where to find the Executive Summary report. The secret handshake requires navigating to Assessments > Assessments Overview and locating the card that corresponds to the assessment. For more information, see View the Executive Summary.
After you click the assessment card, you can either click View Executive Summary to view the report in the side panel or you can click the new page icon if you want to review the report in a new window.
Our preference is new window because the report is easier to read, but it's up to you to decide what works best for you.
Topics in this article include:
- Understanding Standard Executive Summary Report Sections
- Understanding the Vendor's Assessment Responses
- Reviewing Remediation Guidance
- Provide Executive Summary Feedback
Understanding Standard Executive Summary Report Sections
The Executive Summary report contains several standard sections.
Assessment Overview
This section describes the vendor and product CORL included in the vendor assessment.
Risk Rating Overview
This section provides the vendor's overall risk. If the risk is low, the vendor presents a low likelihood of exposing your organization to a breach. On the other hand, if the risk is high, you will want to consider asking the vendor to consent to remediation.
If you want to understand the score, click View Risk Rating Key to view the legend. For more information, see CORL Vendor Scoring Process.
Risk Rating Control Summary
This section breaks down the vendor's responses to the questionnaire by tier and describes the percentage of controls that met the requirements for each tier.
There are 4 tiers, ranging from Tier 1, which presents the highest likelihood of breach, to Tier 4, which is more informational.
Validation Evidence Review
This section breaks down the evidence provided by the vendor by control and indicates whether the evidence met the requirements.
- You can filter the list by All, Met, Unmet, and N/A.
- You can sort the list by clicking any of the table headers.
- If Adequacy = Unmet, view the same control in the Risk Finding Summary to determine whether the vendor remediated the control.
Risk Finding Summary
This section displays only if the vendor has completed remediation and CORL has updated the Executive Summary. This section describes whether the vendor met the remediation requirements.
- You can filter the list by All, Met, Unmet, and Client Accepted.
- You can sort the list by clicking any of the table headers.
Collaboration Score
As we've already discussed, this score indicates how well the vendor collaborated on completing the assessment.
Understanding the Vendor's Assessment Responses
If you want to dig into the vendor's responses to the questionnaire, view the Executive Summary report and click Assessment Responses. You can review the question, the vendor's response, the evidence provided, and any additional comments. For more information, see View Assessment Responses.
Reviewing Remediation Guidance
After you finish reviewing the Executive Summary report, you need to review CORL's remediation recommendations and determine next steps. View the Executive Summary report and click Remediation Guidance.
You can either accept CORL's recommendations or you can provide alternative guidance. For more information, see Review Remediation Guidance.
Provide Executive Summary Feedback
The last step is providing CORL feedback on the Executive Summary report. Even if you are happy with the report, we would love the feedback to let us know how we are doing. View the Executive Summary report and click Submit Feedback. For more, see Provide Executive Summary Feedback.
Let's move on and talk about the big picture, and discover how each assessment contributes to your overall vendor risk picture.