Every company has 3rd party suppliers, this can be your IT services you outsource or even your paper supplier. Some might even have access to your systems - just like in the 2014 breach of Target ( businessinsider.com/target-data-breach-explained-2014-2?op=1 ).
3rd party risk management addresses any risks and threats that might arise by offloading some of your organizations resplosibilities to an outside party to take care of, regardless of the task.
A company should manage any and all services supplied to it especially if IT or OT systems are being accessed, this can be done with the many frameworks that are available or even with a self envisioned framework.
We recommend to try and align all of your providers to a single, streamlined framework such as Security Essentials in Singapore (csa.gov.sg/cyber-essentials) for ease of management and alignment.