Ongoing vendor monitoring is a critical component of third-party risk management (TPRM). It focuses on continuously validating that a vendor maintains the required security controls throughout the lifecycle of the relationship, not just at onboarding. According to CompTIA Security+ SY0-701, the most effective ongoing monitoring method is conducting assessments to verify compliance with security requirements. These assessments may include periodic security questionnaires, audits, penetration test results, SOC reports, or compliance attestations, each of which is independently validated rather than simply accepted at face value.
Option A, requiring a new MSA for each project, is a contractual activity, not a monitoring mechanism. Option B, accepting self-attestation without verification, introduces risk and is specifically discouraged in SY0-701 because it provides no independent assurance that the claimed controls actually exist or operate as described. Option D, reviewing SLAs at contract start, is a one-time activity and does not provide continuous oversight.
Ongoing assessments allow organizations to detect control drift, identify new risks, and ensure vendors remain compliant with evolving regulatory and security expectations. This proactive approach is essential for managing supply chain risk and protecting organizational data.
Therefore, the correct answer is C: Conducting assessments to verify compliance with security requirements.