Vendor Risk Management for SaaS Providers

Our reliance on SaaS providers is growing, and with it, the complexity of vendor risk management. Beyond SOC 2 reports, what are the critical areas you scrutinize for SaaS vendors, especially those handling sensitive client data? Looking for practical tips on contract clauses and ongoing monitoring.