Request
Suppliers and key partners need to provide you with substantive information relating to their own Cyber Security policies, processes, procedures, capabilities, monitoring and governance actions that makes them an organisation to do business with.
Request(s) can be via questionnaires, interviews or informal discussions, but this is the 3rd parties chance to articulate what they do and don’t have and what they do well and where there may be gaps to be addressed.