Linux.com - https://www.linux.com/news/cybersecurity-vendor-selection-what-needs-be-good-policy
Operating a company in the modern enterprise landscape requires a reliance, to some degree, on third-party vendors. It’s unavoidable. But the addition of each new vendor brings with it a certain amount of risk.
Starting small is key. Company leaders should work with their CISO or CSO to determine their minimum acceptable security standards, and use that as a baseline criteria, according to Gartner research director Mark Horvath. This should be done even before a request for proposal (RFP) or request for information (RFI) is written, Horvath said.