NAVEX > Case Studies > ECHO Health Enables Business Growth with NAVEX Vendor Management

ECHO Health Enables Business Growth with NAVEX Vendor Management

NAVEX Logo
Customer Company Size
SME
Region
  • America
Country
  • United States
Product
  • NAVEX IRM
Tech Stack
  • Risk Management Software
Implementation Scale
  • Enterprise-wide Deployment
Impact Metrics
  • Productivity Improvements
  • Digital Expertise
Technology Category
  • Application Infrastructure & Middleware - Data Exchange & Integration
Applicable Industries
  • Healthcare & Hospitals
Applicable Functions
  • Business Operation
Use Cases
  • Regulatory Compliance Monitoring
  • Remote Asset Management
Services
  • System Integration
About The Customer
ECHO Health, Inc. is a payment processor serving industries including the highly regulated sectors of health care and insurance. The company, based in Ohio, processes more than 175 million transactions annually. As a payment intermediary, ECHO handles a large amount of sensitive data such as patient health information. Compliance with regulations like the Health Insurance Portability and Accountability Act – HIPAA – is essential to ECHO’s business. The company was founded in 1997 and has a workforce of around 130 employees.
The Challenge
ECHO Health, a company operating in highly regulated sectors, had to ensure its third-party vendors satisfy any related requirements. This involved sending a periodic compliance survey to around 10 vendors who handled a variety of work for ECHO, such as printing or call center services, which involved the handling of regulated information. Those involved in assessing third-party risk at ECHO would rely on tools like spreadsheets, calendar reminders and emailed forms to track vendor compliance. However, to support a recent opportunity for rapid growth, ECHO saw a major increase in the number of third-party vendors necessary for its operations. Each new vendor represented a new need to evaluate risk. The 130-person firm was on the precipice of a major business opportunity. It recognized the growth potential could only be realized with an efficient, scalable strategy to vet and monitor third-party partnerships.
The Solution
ECHO implemented NAVEX IRM, launching a comprehensive and holistic governance, risk and compliance program. NAVEX IRM is an “integrated risk management” solution that enables organizations to gain a comprehensive view of their business and operations from a risk perspective. It connects individual risk disciplines and manages them in centralized fashion. Implementing NAVEX IRM allowed a small team at ECHO to expand the scope of their vendor risk assessments eight-fold, clearing the way for the company’s growth. ECHO uses NAVEX IRM as a single portal to efficiently manage and monitor four risk-based tiers of vendor and subject each to differing levels of appropriate scrutiny.
Operational Impact
  • ECHO designed an integrated risk management architecture as a foundation for third-party risk management in NAVEX IRM.
  • The architecture allowed for expansion of vendors under risk management eight-fold.
  • Risk-based approach allows for contextual and risk-based management of vendors.
  • Robust reporting provides executive and board-level reports.
  • Established proactive risk management process that better manages risk, frees up time for other activities, and provides better analysis of vendor fit and the overall vendor relationship.
Quantitative Benefit
  • Expanded the scope of their vendor risk assessments eight-fold.
  • Managed and monitored four risk-based tiers of vendor.

Case Study missing?

Start adding your own!

Register with your work email and create a new case study profile for your business.

Add New Record

Related Case Studies.

Contact us

Let's talk!
* Required
* Required
* Required
* Invalid email address
By submitting this form, you agree that IoT ONE may contact you with insights and marketing messaging.
No thanks, I don't want to receive any marketing emails from IoT ONE.
Submit

Thank you for your message!
We will contact you soon.