Continuous monitoring of vendor security posture - Regular reassessment (annually at minimum) - Threat intelligence feeds for vendor compromise indicators - Contractual security requirements and audit rights