Follow these security guidelines when doing business with third parties:
You must notify the IT Security Officer before seeking third party contracts
The applicable procurement department must be involved in the selection
The risks with respect to IT systems and information must be assessed