Do you perform security reviews on all of your 3rd parties (vendors)? If so, how often?

Yes. All new vendors go through a security review, are assigned a criticality level with all critical vendors reassessed annually.