It's in the contracts. We can require suppliers to have specific certifications. For example, when our employees' personal information is involved, we require all our suppliers to have ISO 27018 certification, which covers the protection of personal information. That's one way to do it. Otherwise, we include specific standards or obligations in our contracts.
On May 15th, 2019. See this statement in context.