The Executive Summary is the report you receive from CORL after we complete a vendor assessment. The Executive Summary report provides insight into the vendor's security posture.
You can export the report if you want to share the Executive Summary report with stakeholders or leadership.
- Navigate to Assessments > Assessments Overview and locate the assessment. For more information, see Locate Assessments.
- In the Completed column, click the vendor's card to View Assessments Details.
- Click View Assessment Results. Tip: Click the View Page icon if you want to open the assessment in a new window.
- Review the Executive Summary. For more information, click the Understanding the Executive Summary tab.
- Click the Copy Link icon if you want to copy and share a link to the assessment.
- If you want to download a local copy of the Executive Summary, click Export and select a format:
  - Export Report: PDF
  - Export Summary CSV: Excel in Comma-Separated Value format
  - Export Summary XLSX: Excel format
  - Export Risk CSV: Excel in Comma-Separated Value format
  - Export Risk XLSX: Excel format
  - Export DOCX: Editable Word file that is structured and printable.
Tip: You can find the file in your local file system's default downloads folder. The file name will contain your name, the vendor's name, and the environment.
- Click Assessment Responses if you want to view the vendor's responses to the questionnaire. For more information, see View Assessment Responses.
- Click Remediation Guidance if you want to view CORL's recommendations for vendor remediation. For more information, see Review Remediation Guidance.
- Click Submit Feedback to let us know how we did with the Executive Summary. For more information, see Provide Executive Summary Feedback.
Adjust the Level of Detail
The Executive Summary displays the results of a vendor assessment at a high level by default. You can use the Expand / Collapse All toggle buttons to change the level of detail that displays for a whole section.
You can use the arrows to expand and collapse the level of detail that displays for one item.
Multiple Environments
If we assessed multiple environments for one vendor, the Executive Summary report contains the following sections:
- Navigation Bar: Allows you to jump to different sections of the report.
- Component Overview: Indicates the risk rating for each environment in the assessment. Click View Details to navigate to the section of the report that applies to the environment.
Assessment Overview
Provides a snapshot of the vendor and the product.
Risk Rating Overview
Provides a summary of the risk. If you want to understand the score, click View Risk Rating Key to view the legend. For more information, see CORL Vendor Scoring Process.
- Risk Ratings always appear on the left.
- Depending on the vendor, additional options may display on the right to indicate what data the vendor can access (PCI, PII, PHI, Employee / Proprietary Data).
- You may also see indications for Offshore Data Access or Offshore Data Storage.
Risk Rating Control Summary
Describes the percentage of controls that met the requirements for each tier.
Note: This section does not display for CORL Cleared Assessments.
Validation Evidence Review
Provides an in-depth look at the evidence we requested from the vendor and indicates whether the evidence met the requirements.
- You can filter the list by All, Met, Unmet, and N/A.
- You can sort the list by clicking any of the table headers.
- If Adequacy = Unmet, view the same control in the Risk Finding Summary to determine whether the vendor remediated the control.
Risk Finding Summary
If the vendor has completed remediation, this section describes whether the vendor met the remediation requirements.
- You can filter the list by All, Met, Unmet, and Client Accepted.
- You can sort the list by clicking any of the table headers.