As recent security incidents demonstrate, third party service providers can cause significant cyber risks. Knowing this, what should a company do to mitigate and manage this risk? Our panel will address this issue by focusing on business aspects of security through the contracting process with service providers. We will discuss best practices to explore the security posture of a prospective vendor, including suggestions for additional cyber-related contract provisions.