Hello. I'm struggling with assigning a risk classification to clinical study providers. For example, if a supplier helps us to manage clinical data or helps us maintain HIPAA compliance, what is the extent of control we should have over these suppliers? It is a compliance risk rather than a device quality risk/patient risk. How does everyone else manage these suppliers? Thanks.