
Leading Design for a Transforming Security Company

CORL Technologies helps medical organizations assess their vendors to ensure patient and employee data is secure. Parux was brought in for a long-term engagement to help design the user experience and user interface of its new SaaS platform.

User interface card from HealthOrbit displaying 'AxiomHealth Inpatient / Outpatient' status with a 'REQUESTED' progress bar and a 'CORLCleared™' verification, updated a day ago.

The What

A Platform to Assess Medical Vendors

CORL security experts work with medical providers to assess the security of their individual vendors. These assessments help vendors discover vulnerabilities and give them recommendations to improve their products.

The Why

Keeping Patient Data Secure

Medical organizations work with patient data every second, every day. From personal information to medical records to payment methods, it’s important that their software and hardware vendors are taking security seriously to ensure that sensitive information is not exposed.

Professional man and woman reviewing documents on a tablet in a corporate office setting, framed within a smartphone interface with notification icons and a message alert.

The Brief

CORL Brings in Parux to Help Design Their SaaS Model

For years, CORL leveraged emails, web forms, and file-sharing platforms to gather requirements from medical providers and to conduct assessments of vendors, which include the submission of responses and evidence. This process takes significant manual back-and-forth between all parties, leading to inefficiencies. CORL had a vision to custom-build a SaaS platform that would allow for quicker and better assessments. CORL partnered with Parux because it needed a seasoned user experience and user interface team to help bring its idea to life.

  • Ideation
  • UX Design
  • UI Prototyping
  • Design System Management

The Users

One Platform for Three User Types

The CORL service involves heavy collaboration between three user types. Administrators of medical organizations are classified as Clients, and need to ensure their vendors are keeping data secure. Security experts at service providers are Vendors, who need their products assessed by a third party to stay secure. The last is the CORL Team, which needs to facilitate and analyze the assessments between Clients and Vendors.

The Client

Meet Cassandra

Cassandra is a security officer for a large hospital network. Her hospitals use hundreds of software and hardware products that could potentially interact with patient and employee data. One of her primary responsibilities is to identify which vendors have access to data, and to assess how they are securing that data.

Cassandra, persona representing the client

Personality

  • Tech Savvy 9.5/10
  • Analytics Centric 9/10
  • Open to Innovation 8/10
  • Organization 7/10

Pain Points

  • Has limited time to reach out and follow up with vendors.
  • Doesn’t have the intricate knowledge to properly review the responses and evidence vendors provide.
  • Overwhelmed with the number of vendors that need to be assessed.

The Vendor

Meet Nick

Nick is the Chief Technology Officer of a medical-software startup. He is trying to get into more hospitals but is having trouble answering security questionnaires for every prospective lead and existing customer. He’s trying to balance keeping his platform secure with growing it through new features.

Nick, persona representing the vendor

Personality

  • Tech Savvy 9.2/10
  • Analytics Centric 8/10
  • Open to Innovation 9.2/10
  • Organization 6/10

Pain Points

  • Answering 200+ question assessments is time-consuming and feels redundant.
  • Wants to prove his platform is secure to close more deals.
  • Needs clear advice on the main security items that his team needs to address.

The CORL Team

Meet Lawrence

Lawrence is part of the CORL security assessment team. His job is to reach out to vendors, learn about their product, and send them a security assessment. Once the vendor submits their answers, Lawrence needs to organize and review all evidence, and then come up with an Executive Summary report for the Client.

Lawrence, persona representing the CORL Team Member

Personality

  • Tech Savvy 8/10
  • Analytics Centric 10/10
  • Open to Innovation 8.5/10
  • Organization 9/10

Pain Points

  • Has to jump between several different systems to organize evidence.
  • Doesn’t know who at the vendor is responsible for managing security.
  • Needs to stay on top of dozens of vendors to help them get their assessments done.

The Problem

Manual Processes are Inefficient

CORL had developed a simple assessment platform, but it required a lot of hands-on work from the CORL security assessment team. Vendors would respond using the platform, but the CORL Team was constantly moving evidence files between different folders, which had a high error rate. For example, Vendors and Clients could have multiple folders based on variations in names. With reviews happening outside of the application, CORL team members struggled to track which evidence had been reviewed and which needed further assessment.

For vendors and clients, the traditional assessment process was long and repetitive. Vendor questionnaires could easily exceed 200 questions, and a vendor answers the same questionnaire multiple times for different clients. Clients have the pain point of long lead times on Vendor responses, which slows down their internal decision making.

The Solution

Introducing CORLCleared

CORLCleared is a re-envisioned way to conduct security assessments. Instead of clients sending vendors long, repetitive assessments, CORLCleared clients and vendors can collaborate using pre-screened security ratings and reports. Vendors who have their products CORLCleared fill out a streamlined assessment questionnaire once. CORL reviews their responses and evidence, then assigns them security ratings. These ratings can quickly be shared with CORLCleared Clients to speed up new contractual relationships and keep existing relationships in good standing.

The platform also included new features that go beyond assessments. These include full product management, company security profiles, security incident response flows, and full security risk remediation management.

Parux was brought in for a long-term engagement to support the product team in the user experience and user interface design of the platform.

Comprehensive corporate risk management dashboard showing various metrics such as risk visibility, assessment age, vendor collaboration, activity timeline, and recommended tasks.

Designing the Platform

UX Flows & UI Prototyping

Parux’s designers worked hand-in-hand with the CORL product team using an agile methodology to define requirements and features. We analyzed current processes and found new ways to support existing needs while designing new flows to streamline user interactions. Each feature required extensive UX planning including flow charting, user journey maps, and wireframes that all fed full-fledged prototypes.

Risk assessment management interface on CORL Technologies' platform, showcasing sections for prioritized, active, and completed assessments with detailed status updates.

Designing the Platform

The Client Experience

Clients needed a platform where they could add and manage all their Vendors. The experience needed to include the ability to ask these Vendors to complete a Company Profile that included security contacts, escalation plans, and service level agreement information.

The most important flow for a Client is the assessment process. This is where the Client can see how securely a Vendor handles private data. The Client assessment flow included a new assessment wizard, a detailed response screen, and a final Executive Summary design that presents the final security results provided by CORL.

Assessment details interface for a healthcare vendor on CORL Technologies, highlighting the assessment's progress, phases, and additional notes.

Designing the Platform

The Vendor Experience

The goal of the Vendor experience was to streamline onboarding, add a streamlined process around CORLCleared assessments, and provide clear guidance on product security remediation and maintenance.

Product assessments are typically a burden on a Vendor’s IT staff, so it was paramount to provide them with improved methods of responding to requirements and an easy way to upload evidence.

In addition to assessment response, we designed user experiences and interfaces for a product setup wizard, remediation management to address security risks, and more.

Detailed questionnaire interface showing questions about access controls with response options and the ability to attach evidence or add comments.

Designing the Platform

The CORL Team Experience

The CORL Security team experience needed to add automated processes to push vendors along with assessments. This included a better way to manage assessment responses, including evidence files. A unified platform that puts the team in the middle of collaboration between clients and vendors was critical to help over-leveraged team members who were using redundant platforms.

A critical task was to give CORL a way to manage assessment questionnaires. We conceptualized a digital form builder where the CORL assessment team could create a new questionnaire through the platform in minutes instead of through a long offline flow.

User interface of the Questionnaire Builder in CORL Technologies' platform, featuring question management options for risk assessments.

Designing the Platform

Design System Management

In addition to the user experience and user interface design paths, Parux also led an initiative to create a design system for the application. A design system is a blueprint of experiences and interface elements that promotes consistency and a high standard of design across an application.

Design system overview for CORL Technologies, displaying UI components such as badges, buttons, cards, along with data visualization elements like color schemes, fonts, and chart examples for consistent interface design.

The Result

A New Design System and Fresh User Experience for a Dynamic Platform

Over a year-long engagement, Parux helped CORL rethink its digital user experience, which led to a successful launch of its new platform. Existing and new users were both accounted for in the new system, and the new user experience and interface have been received well. CORL is now growing its platform and is utilizing the Parux-led design system to help rapidly prototype and launch critical new features.

Dashboard interface showing risk visibility and assessment age metrics for divisions within an organization.