Case Study: ECHO Health achieves eightfold expansion of vendor risk assessments and scalable third‑party risk management with NAVEX IRM (NAVEX)

ECHO Health Enables Business Growth with NAVEX Vendor Management

ECHO Health, a 135-person Ohio-based payment processor serving healthcare and insurance, needed a scalable way to manage third‑party vendors that handle sensitive patient data. Before NAVEX IRM the company relied on spreadsheets, emailed forms and calendar reminders to survey about 10 vendors — an approach that couldn’t support a planned period of rapid growth in a highly regulated environment.

By implementing NAVEX IRM’s third‑party risk management, ECHO built an integrated GRC program with a single portal, four risk‑based vendor tiers, automated assessments, document collection, scoring and reporting. The solution enabled the team to expand vendor assessments eightfold, respond quickly to emerging cybersecurity risks with targeted surveys, and run a more proactive, efficient vendor‑risk program that supports the company’s growth.

ECHO

Megan Sroka

Compliance Manager