NAVEX Case Studies ECHO Health Enables Business Growth with NAVEX Vendor Management
Edit This Case Study Record
NAVEX Logo

ECHO Health Enables Business Growth with NAVEX Vendor Management

NAVEX
Application Infrastructure & Middleware - Data Exchange & Integration
Healthcare & Hospitals
Business Operation
Regulatory Compliance Monitoring
Remote Asset Management
System Integration
ECHO Health, a company operating in highly regulated sectors, had to ensure its third-party vendors satisfy any related requirements. This involved sending a periodic compliance survey to around 10 vendors who handled a variety of work for ECHO, such as printing or call center services, which involved the handling of regulated information. Those involved in assessing third-party risk at ECHO would rely on tools like spreadsheets, calendar reminders and emailed forms to track vendor compliance. However, to support a recent opportunity for rapid growth, ECHO saw a major increase in the number of third-party vendors necessary for its operations. Each new vendor represented a new need to evaluate risk. The 130-person firm was on the precipice of a major business opportunity. It recognized the growth potential could only be realized with an efficient, scalable strategy to vet and monitor third-party partnerships.
Read More
ECHO Health, Inc. is a payment processor serving industries including the highly regulated sectors of health care and insurance. The company, based in Ohio, processes more than 175 million transactions annually. As a payment intermediary, ECHO handles a large amount of sensitive data such as patient health information. Compliance with regulations like the Health Insurance Portability and Accountability Act – HIPAA – is essential to ECHO’s business. The company was founded in 1997 and has a workforce of around 130 employees.
Read More
ECHO implemented NAVEX IRM, launching a comprehensive and holistic governance, risk and compliance program. NAVEX IRM is an “integrated risk management” solution that enables organizations to gain a comprehensive view of their business and operations from a risk perspective. It connects individual risk disciplines and manages them in centralized fashion. Implementing NAVEX IRM allowed a small team at ECHO to expand the scope of their vendor risk assessments eight-fold, clearing the way for the company’s growth. ECHO uses NAVEX IRM as a single portal to efficiently manage and monitor four risk-based tiers of vendor and subject each to differing levels of appropriate scrutiny.
Read More
ECHO designed an integrated risk management architecture as a foundation for third-party risk management in NAVEX IRM.
The architecture allowed for expansion of vendors under risk management eight-fold.
Risk-based approach allows for contextual and risk-based management of vendors.
Expanded the scope of their vendor risk assessments eight-fold.
Managed and monitored four risk-based tiers of vendor.
Download PDF Version
test test