How would you design a vendor assessment process to ensure third-party tools meet security standards at Vodafone?