If you’re considering partnering with a service provider, it’s essential also to consider the security risks they could introduce to your organization. The primary security risks associated with service providers are as follows.
Service providers may not be completely transparent with their security policies, data security standards, security management practices, or their strategy for mitigating third-party cloud service risks - a critical attack vector category.
https://www.upguard.com/blog/encouraging-vendor-risk-assessment-responses>How to Manage Service Provider Security Risks
This will help internal and external security teams prioritize remediation tasks with the most significant security posture benefits, helping you manage your service provider security risks more efficiently.