Watch this video on YouTube
During an audit, it's revealed that there's no formal process for evaluating and onboarding third-party vendors in terms of their security postures. As the Information Security Manager, what's your best approach to address this oversight?