As organizations engage vendors/contractors to undergo pieces of work, vendors should understand and maintain the same (or higher) security posture as the organization. Security requirements for vendors should be clearly stated in contracts, and contracts should be review regularly, ensuring vendors are keeping to the requirement, before it is renewed.
Step-by-Step Guide: Contractors
Information Security Guidebook for Small and Medium Businesses