I am curious if your procurement organization is doing any risk assessments for the third parties they engage. It is essential to understand and assess the risks associated with any product or service provided to your organization or its customers. Because your procurement team selectively works with specific third-party types. I would suggest collaborating with them to understand parameters that define their scope of work vs. yours and the process they apply when considering a new vendor. For the best risk management outcomes, I would strongly suggest that the two teams confirm that the same risk criteria are evaluated regardless of the product or service type and that they use the same inherent risk questions ( if not the same questionnaire) in both departments. That approach will allow you to direct your users to either Procurement or Third-Party Risk depending on the product and service type. And you won't need to worry about gaps in the risk assessment process.
I hope that answer is helpful, but I would love to hear from other members.