The process, to be effective, must be ongoing and managed to ensure that vendors meet required standards.
Always make sure things like network segmentation, endpoint protection, central authentication, central patch management, and other good practices are in place.
