Mechanisms exist to control personnel security requirements including security roles and responsibilities for third-party providers.
Does the organization control personnel security requirements including security roles and responsibilities for third-party providers?