Please note that the supplier information security requirements are based on the results of risk assessment and applicable legal requirements, which are exclusive for each organization because they are related to their context and risk appetite.
For example, two organizations may have the same cloud provider, but because they have different risk appetites, a requirement for the less risk+tolerant organization may not be used by the more risk +olerant one.
Included in your toolkit there is a list of commonly adopted security clauses for suppliers and partners that can help you define your supplier information security requirements. This template is on folder 08 Annex A Security Controls >> A.15 Supplier Relationships
This article will provide you a further explanation about security clauses for suppliers: