Involves evaluating vendors’ security policies, procedures, and processes, as well as their financial and compliance status. This allows organizations to identify and mitigate risks associated with third-party vendors.