We only partner with providers that are certified under major privacy and security standards. Namely GDPR, CCPA and ISO and SOC compliances (ISO 27001, ISO 27017, ISO 27018, SOC 1, SOC 2, SOC 3). Internally, we are working towards our ISO 27001 certification. In my experience, "working towards" is often enough to satisfy various ISO requirements.
At the organisational level, ISO 27001 certification.
At the technical level, we follow best practices and guidance, for example: