You can request a new vendor assessment at any time. After you submit the request, CORL receives a ticket and will create the request.
There are multiple screens that must be completed in order:
- Start a New Vendor Assessment
- Specify the Vendor
- Provide the Scoping Information (standard assessment only)
- Provide the Assessment Details
- Confirm and Submit Assessment Request
Tip: You cannot save a partially completed assessment request and finish it later; you must complete all the pages before clicking Submit. If you try to navigate away before completing the assessment request, a message displays.
Start a New Vendor Assessment
- Do one of the following:
- From the Command Center, select Create New Assessment Request.
- Navigate to Assessments > Request Assessment.
- Navigate to Assessments Overview, select New Assessment Request.
The Assessment Request page displays.
- In Select Assessment Category, select one of the following:
- Full Assessment: Select this option to request a full assessment that includes vendor scoping questions, vendor security questions, Executive Summary report of the assessment results, and updated Executive Summary report after the vendor completes remediation.
- Pre-Assessment Only: Select this option to request a pre-assessment report based on publicly available information.
- Both: Select this option to request both a Full Assessment and a Pre-Assessment.
- In Select Assessment Type, select one of the following:
- Yes, this is CORLcleared: Select this option if you are a CORLcleared client and you want the vendor to complete the CORLcleared questionnaire.
- No: Select this if you want the vendor to complete the standard CORL questionnaire. Note: all clients, including CORLcleared clients, can request a standard assessment.
Tip: If you are not familiar with CORLcleared, select No.
- In Select Validation Type, indicate whether you want a Validated Assessment where CORL validates the vendor's questionnaire responses. Tip: Select Validation Type only appears if your contract includes validated assessments.
- Click Next.
The Vendor Overview page displays. Go to the next section.
Specify the Vendor
Vendor lookup assists you in filling out vendor information and ensuring that accurate vendor data forms the basis of the assessment. After you provide the vendor name and URL, the Client Portal displays possible matches. If no vendors match, you can manually add a new vendor.
- In Vendor Information, type the Vendor Name and Vendor Company URL. Tip: Specify the URL for the product that you want assessed. This might be the vendor's top-level URL or it might be a URL specific to the product.
- Click Next. The Vendor Overview page updates to display a list of possible matches.
- If you find a match, select the vendor and click Next.
If you requested a standard assessment, skip to Provide the Scoping Information (Standard Assessment Only).
If you requested a CORLcleared assessment, skip to Provide the Assessment Details.
- If you do not find a match, click Manually Add Vendor. The Vendor Overview page updates. Go to Manually Add a Vendor.
Manually Add a Vendor
- Specify the Vendor Information:
- Vendor Name: Specify the vendor's official corporate name.
- Vendor Company URL: Tip: Specify the URL for the product that you want assessed. This might be the vendor's top-level URL or it might be a URL specific to the product.
- Vendor Headquarters Country: Select the country where the vendor's official headquarters are located.
- Vendor State: Select the state where the vendor's official headquarters are located. Tip: The selections in the list depend on the country you select, so be sure to select the country first.
- Specify the Vendor Contact information for the person in the vendor's organization that will complete the assessment:
- First Name
- Last Name
- Title
- Phone Number. Tip: This field is not required, but this information is extremely helpful if it is necessary to reach out to the vendor.
- Specify the Product Information and indicate what your company plans to purchase from the vendor. Be as accurate and complete as possible.
- Is this request for a vendor product or service?
- Is the product a medical device?
- At what location is this product / service being implemented?
- Product or Service Name. Tip: Do not use special characters.
- Model or Version Identifier
- Product URL
- Product or Service Description
- Click Next.
If you requested a standard assessment, go to the next section.
If you requested a CORLcleared assessment, skip to Provide the Assessment Details.
Provide the Scoping Information (Standard Assessment Only)
Tip: If you are requesting a CORLcleared assessment, this screen does not display. Skip these steps and proceed to Provide the Assessment Details.
- In How will the Scoping Information be collected? select one of the following:
- CORL to Contact Vendor: CORL will contact the vendor for scoping information.
- We'll Provide the Scope: You will provide the scoping information and don't want CORL to contact the vendor. Drag and drop the file containing the scoping information.
- In How will Security Control Information and Evidence be collected? select one of the following:
- CORL to Contact Vendor: CORL will contact the vendor and request vendor / product security control information and evidence.
- We'll Provide the Security Information: You will provide the security information and don't want CORL to contact the vendor. Drag and drop the file containing the security information.
- Click Next.
The Manage Assessment page displays. Go to the next section.
Provide the Assessment Details
Tip: Add the business stakeholder as both a contact and as a Client Portal user. For more information, see Client Portal Contacts and Client Portal Users.
- In the Business Stakeholder section, provide the information for the person in your organization who is requesting this assessment:
- Business Stakeholder First Name
- Business Stakeholder Last Name
- Business Stakeholder Department
- Business Stakeholder Email
- Business Stakeholder Phone
- In Vendor Inherent Risk, answer the following questions:
- In what environment do you plan to implement this solution? Select the options that apply. If you are unsure, select Unknown.
- Will the vendor (or anyone working on their behalf) receive, process, access, transmit or store any data from your organization? If so please indicate what type of data. If the answer is no, do not make any selections. If the answer is yes, select the options that apply.
- If the vendor has access to your data, where will the data be stored? If the answer to the previous question is yes, select the options that apply.
- Will the vendor (or anyone working on their behalf) have access to your network? If yes, indicate what type of access. If the answer is no, select Vendor will not have access to the network. If yes, select the options that apply.
- Approximately what volume of data will the vendor have access to? If the vendor will have access to your data, estimate the approximate volume of data.
- If you were temporarily unable to access this vendor's product or services, what business functions would be adversely impacted? Select the options that apply. Tip: Add the comments on the next page.
- What is your Inherent Risk Rating for this vendor/product? Select your best estimate on the risk this vendor poses to your organization.
- Is there an executed Business Associate Agreement (BAA) between your organization and the vendor? If you don't know the answer, select Not sure.
- Is there an executed Information Security Agreement between your organization and the vendor? If you don't know the answer, select Not sure.
- Click Next.
The Confirm and Submit Request screen displays. Proceed to the next section.
Confirm and Submit Assessment Request
Tip: You can upload a maximum of 10 files at one time. Each file has a 10 MB limit. You cannot upload zip files. If you need to upload more than 10 files, upload in batches of 10.
- Use Expand / Collapse to review your assessment request. Click Edit Section if you want to make any changes. Tip: After you click Submit, you cannot make any changes.
- (Optional) In Additional Information, drag and drop any files that will help CORL create or complete the assessment.
- (Optional) In Add Comments / Notes provide any additional information that will help CORL create or complete the assessment.
- Click Submit. The Client Portal creates a ticket and displays a message to confirm the assessment request was successfully submitted. The Command Center displays.
Tip: You can view the status of your assessment request in the Support Desk. For more information, see Obtain Support.
- If you need to make changes after you click Submit, you can add a comment to the ticket or you can submit a new ticket. For more information, see Obtain Support.
- After CORL processes your request, you can view the progress in the assessment queue. For more information, see View the Assessment Queue.