SOC 1 & 2 compliance with outsourced development team?

My company just hired a team in India for development work. They will have full access to our network via VPN. They will not have access to client data directly. My question is…

Are we required to follow the same controls for offshore contractors as we are for fulltime employees? ie… background checks, NDAs, Policy Approvals, Security Awareness.