NAVEX Case Studies ECHO Health Enables Business Growth with NAVEX Vendor Management

Edit This Case Study Record

	ECHO Health Enables Business Growth with NAVEX Vendor Management NAVEX

ECHO Health Enables Business Growth with NAVEX Vendor Management

NAVEX

Technology Category	Application Infrastructure & Middleware - Data Exchange & Integration
Applicable Industries	Healthcare & Hospitals
Applicable Functions	Business Operation
Use Cases	Regulatory Compliance Monitoring Remote Asset Management
Services	System Integration
Challenge	ECHO Health, a company operating in highly regulated sectors, had to ensure its third-party vendors satisfy any related requirements. This involved sending a periodic compliance survey to around 10 vendors who handled a variety of work for ECHO, such as printing or call center services, which involved the handling of regulated information. Those involved in assessing third-party risk at ECHO would rely on tools like spreadsheets, calendar reminders and emailed forms to track vendor compliance. However, to support a recent opportunity for rapid growth, ECHO saw a major increase in the number of third-party vendors necessary for its operations. Each new vendor represented a new need to evaluate risk. The 130-person firm was on the precipice of a major business opportunity. It recognized the growth potential could only be realized with an efficient, scalable strategy to vet and monitor third-party partnerships. Read More
About Customer	ECHO Health, Inc. is a payment processor serving industries including the highly regulated sectors of health care and insurance. The company, based in Ohio, processes more than 175 million transactions annually. As a payment intermediary, ECHO handles a large amount of sensitive data such as patient health information. Compliance with regulations like the Health Insurance Portability and Accountability Act – HIPAA – is essential to ECHO’s business. The company was founded in 1997 and has a workforce of around 130 employees. Read More
Solution	ECHO implemented NAVEX IRM, launching a comprehensive and holistic governance, risk and compliance program. NAVEX IRM is an “integrated risk management” solution that enables organizations to gain a comprehensive view of their business and operations from a risk perspective. It connects individual risk disciplines and manages them in centralized fashion. Implementing NAVEX IRM allowed a small team at ECHO to expand the scope of their vendor risk assessments eight-fold, clearing the way for the company’s growth. ECHO uses NAVEX IRM as a single portal to efficiently manage and monitor four risk-based tiers of vendor and subject each to differing levels of appropriate scrutiny. Read More Log in to view content
Contents

Technology Category

Application Infrastructure & Middleware - Data Exchange & Integration

Applicable Industries

Healthcare & Hospitals

Applicable Functions

Business Operation

Use Cases

Regulatory Compliance Monitoring

Remote Asset Management

Services

System Integration

Challenge

ECHO Health, a company operating in highly regulated sectors, had to ensure its third-party vendors satisfy any related requirements. This involved sending a periodic compliance survey to around 10 vendors who handled a variety of work for ECHO, such as printing or call center services, which involved the handling of regulated information. Those involved in assessing third-party risk at ECHO would rely on tools like spreadsheets, calendar reminders and emailed forms to track vendor compliance. However, to support a recent opportunity for rapid growth, ECHO saw a major increase in the number of third-party vendors necessary for its operations. Each new vendor represented a new need to evaluate risk. The 130-person firm was on the precipice of a major business opportunity. It recognized the growth potential could only be realized with an efficient, scalable strategy to vet and monitor third-party partnerships.

About Customer

ECHO Health, Inc. is a payment processor serving industries including the highly regulated sectors of health care and insurance. The company, based in Ohio, processes more than 175 million transactions annually. As a payment intermediary, ECHO handles a large amount of sensitive data such as patient health information. Compliance with regulations like the Health Insurance Portability and Accountability Act – HIPAA – is essential to ECHO’s business. The company was founded in 1997 and has a workforce of around 130 employees.

Solution

ECHO implemented NAVEX IRM, launching a comprehensive and holistic governance, risk and compliance program. NAVEX IRM is an “integrated risk management” solution that enables organizations to gain a comprehensive view of their business and operations from a risk perspective. It connects individual risk disciplines and manages them in centralized fashion. Implementing NAVEX IRM allowed a small team at ECHO to expand the scope of their vendor risk assessments eight-fold, clearing the way for the company’s growth. ECHO uses NAVEX IRM as a single portal to efficiently manage and monitor four risk-based tiers of vendor and subject each to differing levels of appropriate scrutiny.

Impact #1	ECHO designed an integrated risk management architecture as a foundation for third-party risk management in NAVEX IRM.
Impact #2	The architecture allowed for expansion of vendors under risk management eight-fold.
Impact #3	Risk-based approach allows for contextual and risk-based management of vendors.

Impact #1

ECHO designed an integrated risk management architecture as a foundation for third-party risk management in NAVEX IRM.

Impact #2

The architecture allowed for expansion of vendors under risk management eight-fold.

Impact #3

Risk-based approach allows for contextual and risk-based management of vendors.

Benefit #1	Expanded the scope of their vendor risk assessments eight-fold.
Benefit #2	Managed and monitored four risk-based tiers of vendor.

Benefit #1

Expanded the scope of their vendor risk assessments eight-fold.

Benefit #2

Managed and monitored four risk-based tiers of vendor.

Download PDF Version

Overview

ECHO Health Enables Business Growth with NAVEX Vendor Management

Operational Impact

Quantitative Benefit