Enter your details and we’ll email you the COI RFP template:
This form may not be visible due to adblockers, or JavaScript not being enabled.
For a lot of teams, the search for a Conflict of Interest management solution starts because the current process is no longer holding up. Maybe the business has no dedicated system and disclosures are being managed in spreadsheets, email chains, shared folders, or forms that were never designed for sensitive compliance workflows. Or maybe there is a system in place, but it is clunky, hard to configure, weak on audit history, and no longer fit for purpose.
That is usually the breaking point.
What looked manageable at first starts creating drag everywhere else. Disclosures are harder to track. Review steps get inconsistent. Permissions become messy. Reporting takes too long. Internal audit asks for evidence and the exports do not line up with what actually happened. Teams end up spending more time proving the process than running it.
That is often what pushes organizations to start looking for a dedicated, fit-for-purpose conflict of interest solution.
The problem is that once they enter the market, the buying process is not much easier. Most demos and product pitches start to blur together. On the surface, every vendor seems to offer forms, workflows, reporting, and dashboards. The differences show up later, usually under pressure, when you need to prove what happened, who approved what, what changed, and when.
“A common frustration we hear is that the conflict of interest software market can be surprisingly hard to navigate. A lot of solutions look similar in a demo, but once teams start digging into audit history, permissions, reporting, integrations, and day-to-day usability, the gaps become much clearer. By that point, it is often hard to separate what is genuinely fit for purpose from what has simply been pitched well.”
Michael Vidoni, Senior GRC Client Executive and Customer Success
That is exactly why we built this conflict of interest request for proposal template with scoring guidance. It is designed to help compliance, legal, risk and procurement teams run a more defensible evaluation process and compare vendors on what actually matters, not just who gave the slickest demo.
This matters even more in industries such as healthcare, where disclosure programs often sit beside other transparency and reporting obligations. For example, the Centers for Medicare and Medicaid Services (CMS) Open Payments program published 16.16 million records totaling $13.18 billion for Program Year 2024 alone. That scale is exactly why teams end up looking for compliance automation and compliance management software, not more spreadsheets
And spreadsheets are the trap. Research into spreadsheet development shows errors are common even in controlled settings, and small cell-level error rates can still cause bottom-line reporting issues.
This template is built to help you ask better conflict of interest questions, score answers more consistently, and avoid the usual buying mistakes.
It covers more than just forms. It gives you a structured way to evaluate:
- disclosures and attestations
- campaign workflows and reminders
- reviews and approvals
- audit logs and evidence trails
- reporting and exports
- security and compliance requirements
- retention and integrations
- project management and collaboration
- go live and hyper care
- support structure, ticketing, and SLAs
- disaster recovery and business continuity
- account management and post-implementation support
- data migration approach and experience
We built it because we kept hearing the same thing from our expert community and compliance and internal audit teams: procurement gets forced to move fast, the request for proposal ends up too high-level, and the missing requirements show up after go-live. Usually right when you are trying to prove controls, answer audits, and reduce manual work.
What you get in the download this conflict-of-interest RFP
Inside the template, you’ll find a structured spreadsheet of questions you can paste directly into an RFP, plus evaluation prompts to help you score answers consistently.
This is built for teams who want a defensible buying process, not a pile of “yes, we support that” answers. You will get:
- Copy-ready conflict of interest questions organized by capability area, so vendors cannot hide behind vague claims
- Scoring guidance to help you compare answers apples-to-apples, including space to mark requirements as must-have, nice-to-have, or out of scope
- Proof prompts that push vendors to show how something works (screenshots, sample exports, audit log examples), not just describe it
- Optional healthcare-specific prompts for Open Payments workflows
It includes vendor questions across:
- Declaration and disclosure workflows
New disclosures, updates or amendments, withdrawals, “no conflicts” attestations, and supporting attachments - Campaign management
Annual recertification, automated reminders, resubmissions, and the option to send communications from a shared compliance mailbox - Review workflows and approvals
Routing by role, escalations, requests for more information, approver notes, and clear accountability - Monitoring and notifications
Targeted reminders by team, risk level, and conflict of interest type, plus visibility into overdue items - Access controls and permissions
Role-based access control, restricted access, and delegated approvers for coverage during leave or role changes - Audit logs and version history
Time-stamped changes, record versioning, administrator action logs, and exportable logs for investigations and internal audit - Search, reporting, dashboards, and exports
Status tracking, overdue reporting, risk trend reporting, plus exports to Excel, comma-separated values, or portable document format files - Repository, archiving, and retention
A secure repository, bulk archiving, and configurable retention periods that match policy requirements - Integrations and identity management
Human resources information system synchronization, single sign-on, connections to reporting tools, and alignment with other compliance workflows - Security and compliance requirements
Encryption in transit and at rest, multi-factor authentication, and security information and event management integration for log monitoring
If you also need to evaluate Centers for Medicare and Medicaid Services Open Payments workflows, (for example data ingestion, matching, reconciliation, dispute management, and evidence-ready reporting), this template gives you the base structure to add those sections cleanly instead of bolting them on at the end.
Who this template is for
- Compliance and ethics teams running COI disclosures and attestations
- Healthcare compliance teams that also manage Open Payments reconciliation and reporting expectations
- Legal, risk, and internal audit teams who need audit trails, role-based access, and exportable evidence
- Procurement teams that need a consistent scoring approach and vendor comparability
- Organizations replacing spreadsheets or outdated tools with fit-for-purpose compliance management software
In a glimpse: what to look for when evaluating a conflict of interest solution
A strong conflict-of-interest (COI) tool should not just collect disclosures. It should reduce admin, support consistent decisions, and make it easier to prove what happened.
“If I go off to another compliance office and they don’t have anything like this in place, I will be suggesting CoreStream GRC. I think it’s a great system. It’s an easy process, for employees and for us. We can log in and very easily do what we need to do. I really do enjoy CoreStream.”
April Daniel, Director Compliance Operations, UNT Health
Here are the areas your RFP should cover.
1) Declarations that reflect real life
A conflict of interest tool should support more than a one-time “submit and forget” form. Your RFP should force clarity on whether users can declare new conflicts, update or amend prior conflicts, withdraw declarations, declare “no conflicts,” and attach supporting evidence.
2) Configurable conflict of interest forms without vendor dependency
If your conflict of interest policy changes, you should not need a services engagement to update a question. Press for configuration control, conditional logic, multiple questionnaire types (annual, ad hoc, triggered), multilingual support, and basic branding.
3) Campaigns that actually drive completion
Annual recertifications, ad hoc disclosures, triggered forms, and new hire workflows all need to work cleanly.
Ask whether the system can run multiple campaigns at once, automate reminders, allow resubmissions, support compliance-mailbox sending, and make notifications look legitimate rather than spammy.
This is often where operational friction builds up, especially when you are trying to chase responses across large employee groups.
4) Review workflows with accountability
You need more than a submission form and a yes/no approval.
A strong Conflict-of-Interest solution should support routing by role, multiple review stages, escalation paths, requests for more information, approver notes, mitigation plans, and evidence of every handoff in the workflow. It should also support evolving review procedures over time, rather than forcing you into a rigid model.
5) Permissions that match sensitivity
Conflict of interest data is sensitive. Access needs to be tight.
You should be testing for role-based access control, restricted visibility by team or authority level, compliance-only access for sensitive records, and delegated approvals when managers are out of office
6) Audit logs you can defend
This is non-negotiable. You want timestamped changes, record versioning, auditable admin actions, and logs that can be exported in common formats for audit and investigations.
7) Reporting, dashboards, and exports
You need basic operational visibility: who has submitted, who is overdue, what is pending approval, and what risk categories are trending. The template prompts for dashboards plus searchability and export options.
8) Retention, archiving, and defensible storage
Ask where disclosures live, how they are archived (single and bulk), and whether retention periods can be configured to meet your policies.
9) Integrations that reduce admin load
Confirm HRIS sync (for employee data), SSO support (SAML, OAuth, AD), whether conflict of interest data can feed into reporting tools (like Power BI), and whether the conflict of interest solution aligns with other compliance workflows like gifts and hospitality.
10) Security controls that meet enterprise expectations
Encryption at rest and in transit, MFA, and the ability to integrate audit logs into SIEM tools for monitoring are baseline requirements.
Our healthcare add-on: questions to ask if Open Payments is in scope (healthcare)
If you are evaluating conflict of interest software in healthcare, Open Payments is often where “good enough” tools fall apart.
- How do you ingest CMS Open Payments data, and how frequently can it refresh?
- What matching logic is supported (person, entity, role, thresholds)?
- Can users review and reconcile Open Payments data within the COI workflow?
- What dispute and remediation workflows exist, and how is evidence captured?
- What reports are available for monitoring, audit, and leadership updates?
- Is there an Open Payments API option to automate reconciliation and reduce manual comparison work?
Why choose CoreStream GRC for Conflict of Interest management
If you are evaluating conflict of interest software, the real question is not “can it collect disclosures?” It is whether the system will still hold up when policy changes, leadership wants proof, and internal audit needs a clean, exportable trail fast.
That is where CoreStream GRC tends to win. Teams pick it because it is usable out of the box, flexible enough to match real workflows, and simple for both employees and administrators, without constant workarounds.
If you want a conflict of interest program that is easier to run, easier to prove, and easier to defend, explore the CoreStream GRC conflict of interest solution.
Enter your details and we’ll email you the COI RFP template:
This form may not be visible due to adblockers, or JavaScript not being enabled.
Frequently asked questions
Conflict of interest software helps organizations collect, review, track, and manage disclosures in a structured way. A good system does more than gather forms. It supports review workflows, approvals, reminders, reporting, and audit trails so teams can manage the full COI process properly.
The best conflict of interest software is the one that fits your real workflows, not just your shortlist of features. Organizations should look for software that is easy to use, flexible to configure, strong on auditability, and capable of supporting both day-to-day administration and future compliance demands. A solid RFP and scoring process makes that decision easier and more defensible.
Most teams switch when spreadsheets, shared inboxes, or basic forms stop being reliable. Manual processes create friction fast. It becomes harder to track disclosures, manage approvals, restrict access, prove what happened, and respond to audit requests. A dedicated COI tool helps reduce that admin burden and gives teams a clearer, more defensible process.
A good conflict of interest tool should be easy to use, flexible enough to match real workflows, and strong on auditability. It should support disclosures, annual attestations, reminders, approvals, role-based permissions, reporting, and clean audit history. Just as important, it should still work well when your policy changes, your program expands, or internal audit asks for evidence fast.
A common mistake is buying based on surface-level feature lists without testing how the tool performs under real pressure. Another is keeping the RFP too high-level, which makes every vendor sound similar. Teams also get caught out by weak reporting, poor audit history, rigid workflows, and too much dependency on the vendor for changes after go-live.
Because collecting disclosures is only part of the job. Teams also need to prove what happened. A strong audit trail shows who submitted what, who reviewed it, what changed, what decision was made, and when. That matters for internal audit, investigations, leadership reporting, and overall trust in the process.
