This would be covered under ISO 22000:2018 clause 7.1.6 Control of externally provided processes, products or services.
The organization shall:
a) establish and apply criteria for the evaluation, selection, monitoring of performance and re- evaluation of external providers of processes, products and/or services;
b) ensure adequate communication of requirements to the external provider(s);
c) ensure that externally provided processes, products or services do not adversely affect the organization's ability to consistently meet the requirements of the FSMS;
d) retain documented information of these activities and any necessary actions as a result of the evaluations and re-evaluations.
The extent of the requirements would be dependent on risk, but typical requirements are certification of the supplier to a GFSI benchmarked standard including a relevant scope or alternatively a supplier audit conducted by a demonstrably competent auditor (in both cases the report should be reviewed by an authorised competent person such as the Food Safety/HACCP Team Leader).