The Executive Summary is the report you receive from CORL after we complete an assessment. The Executive Summary report provides insight into the assessed vendor's security posture.
You can download a PDF version from the Client Portal if you want to share the Executive Summary report with stakeholders or leadership.
View the Executive Summary
- Navigate to Assessments > Assessments Overview and locate the assessment. For more information, see Locate Assessments.
- Click the vendor's card to View Assessments Details.
- Click View Executive Summary. Tip: Click the new page icon if you want to open the assessment in a new window.
- Review the Executive Summary. For more information, see Understanding the User Interface below.
- Click Export Report if you want to download the Executive Summary as a PDF. Tip: You can find the PDF in your local file system's default downloads folder. The file name will contain your name, the vendor's name, and the environment.
- Click Assessment Responses if you want to view the vendor's responses to the questionnaire. For more information, see View Assessment Responses.
- Click Remediation Guidance if you want to view CORL's recommendations for vendor remediation. For more information, see Review Remediation Guidance.
- Click Submit Feedback to let us know how we did with the Executive Summary. For more information, see Provide Executive Summary Feedback.
We would greatly appreciate feedback on every Executive Summary report.
Understanding the User Interface
Adjusting the Level of Detail
The Executive Summary displays the results of a vendor assessment at a high level by default. You can use the Expand / Collapse All toggle buttons to change the level of detail that displays for a whole section.
You can use the arrows to expand and collapse the level of detail that displays for one item.
Multiple Environments
If we assessed multiple environments for one vendor, the Executive Summary report contains the following sections:
Navigation Bar: Allows you to jump to different sections of the report.
Component Overview: Indicates the risk rating for each environment in the assessment. Click View Details to navigate to the section of the report that applies to the environment.
Standard Sections
All Executive Summary reports contain the following standard sections:
Assessment Overview: Provides a snapshot of the vendor and the product.
Risk Rating Overview: Provides a summary of the risk. If you want to understand the score, click View Risk Rating Key to view the legend. For more information, see CORL Vendor Scoring Process.
Risk Rating Control Summary: Describes the percentage of controls that met the requirements for each tier.
Validation Evidence Review: Provides an in-depth look at the evidence we requested from the vendor and indicates whether the evidence met the requirements.
- You can filter the list by All, Met, Unmet, and N/A.
- You can sort the list by clicking any of the table headers.
- If Adequacy = Unmet, view the same control in the Risk Finding Summary to determine whether the vendor remediated the control.
Risk Finding Summary: If the vendor has completed remediation, this section describes whether the vendor met the remediation requirements.
- You can filter the list by All, Met, Unmet, and Client Accepted.
- You can sort the list by clicking any of the table headers.
Collaboration Score: Indicates how well the vendor collaborated on completing the assessment.
- Overall Collaboration Score: Calculated with equal weight given to the sub-score components below.
- Response Timeliness: Responsiveness to assessments.
- Remediation Timeliness: Timeliness with remediation.
- Displays Good / Fair / Poor based on the overall percent of time the threshold is met:
  - Good: > 75%
  - Fair: between 50% and 75%
  - Poor: below 50%
- Good / Fair / Poor is NOT normalized; for example, it is possible that 0 vendors show "Good" for a certain requirement.