Download PDF
NAVEX > Case Studies > ECHO Health Enables Business Growth with NAVEX Vendor Management
NAVEX Logo

ECHO Health Enables Business Growth with NAVEX Vendor Management

Technology Category
  • Application Infrastructure & Middleware - Data Exchange & Integration
Applicable Industries
  • Healthcare & Hospitals
Applicable Functions
  • Business Operation
Use Cases
  • Regulatory Compliance Monitoring
  • Remote Asset Management
Services
  • System Integration
The Challenge
ECHO Health, a company operating in highly regulated sectors, had to ensure its third-party vendors satisfy any related requirements. This involved sending a periodic compliance survey to around 10 vendors who handled a variety of work for ECHO, such as printing or call center services, which involved the handling of regulated information. Those involved in assessing third-party risk at ECHO would rely on tools like spreadsheets, calendar reminders and emailed forms to track vendor compliance. However, to support a recent opportunity for rapid growth, ECHO saw a major increase in the number of third-party vendors necessary for its operations. Each new vendor represented a new need to evaluate risk. The 130-person firm was on the precipice of a major business opportunity. It recognized the growth potential could only be realized with an efficient, scalable strategy to vet and monitor third-party partnerships.
About The Customer
ECHO Health, Inc. is a payment processor serving industries including the highly regulated sectors of health care and insurance. The company, based in Ohio, processes more than 175 million transactions annually. As a payment intermediary, ECHO handles a large amount of sensitive data such as patient health information. Compliance with regulations like the Health Insurance Portability and Accountability Act – HIPAA – is essential to ECHO’s business. The company was founded in 1997 and has a workforce of around 130 employees.
The Solution
ECHO implemented NAVEX IRM, launching a comprehensive and holistic governance, risk and compliance program. NAVEX IRM is an “integrated risk management” solution that enables organizations to gain a comprehensive view of their business and operations from a risk perspective. It connects individual risk disciplines and manages them in centralized fashion. Implementing NAVEX IRM allowed a small team at ECHO to expand the scope of their vendor risk assessments eight-fold, clearing the way for the company’s growth. ECHO uses NAVEX IRM as a single portal to efficiently manage and monitor four risk-based tiers of vendor and subject each to differing levels of appropriate scrutiny.
Operational Impact
  • ECHO designed an integrated risk management architecture as a foundation for third-party risk management in NAVEX IRM.
  • The architecture allowed for expansion of vendors under risk management eight-fold.
  • Risk-based approach allows for contextual and risk-based management of vendors.
Quantitative Benefit
  • Expanded the scope of their vendor risk assessments eight-fold.
  • Managed and monitored four risk-based tiers of vendor.

Related Case Studies.

Contact us

Let's talk!

* Required
* Required
* Required
* Invalid email address
By submitting this form, you agree that IoT ONE may contact you with insights and marketing messaging.
No thanks, I don't want to receive any marketing emails from IoT ONE.
Submit

Thank you for your message!
We will contact you soon.