The best way to ensure that all vendors comply with a risk assessment policy is to have a comprehensive vendor management program in place. This program should include a process for conducting due diligence on vendors, a process for assessing vendor risk, a process to review and monitor vendor performance, and a process for enforcing risk management policies. Additionally, it is important to have clear expectations and a communication plan in place to ensure that vendors understand the risk assessment policy and that they are aware of any changes that may be made. Finally, having a strong process for tracking and documenting all vendor activities will help to ensure that all vendors are compliant.