a third party's information security risk with a holistic lens by performing assessment activities Identifies and discusses... any information security gaps in the service provider's program with the third party Escalates security issues or risks identified...