Technology enablement is key to unlocking the benefits of an enterprise GRC program. It improves
operational efficiency and program effectiveness, and enables a holistic view of the
organization's risk and compliance posture.

GRC enablement is not an end-state but a continuous journey. Once deployed, a successful platform requires the right support and maintenance. Annual end-to-end system health checks help identify red flags and address any issues prior to implementing new features & functionality.

Unlock the full potential of your GRC system with our comprehensive system health check.

To learn more about this service offering, please contact Sayali Sheth – Technical Director & Archer Practice Lead


Let’s connect and explore the possibilities together!

Elevate your organization’s security operations program efficiency with our comprehensive services. Explore our transformative approach that combines program maturity and technical capability to strengthen your security posture and streamline workflows.

To learn more about services and offerings, please contact Matthew Smith, Director – Security Operations Program.


Let’s connect and explore the possibilities together!

Explore the report from our latest cybersecurity survey, in which people and experts in the cybersecurity field provided input on the primary cybersecurity challenges organizations face regarding data breaches, such as DDoS attacks, ransomware, social engineering, and insider threats.

Managing digital identity to fortify and secure your business!

With increasing cybersecurity threats, managing identity risk has become more challenging for CISOs and IAM professionals.

Organizations must have a robust IAM program and systems to help protect various types of user information, data, resources, and their designated access. We at Templar Shield provide comprehensive end-to-end services for managing identities, authentication, authorization, and permissions to digital assets and resources, enabling organizations to control and manage access and to see who has access to what.

Our IAM practice is comprised of seasoned professionals with rich experience in providing end-to-end IAM services, ranging from advisory, assessment, consulting, and implementation to managed services, delivering identity security solutions that solve various stakeholders’ challenges.

Given the current economic environment, it is now more important to ensure that organizations have their Governance, Risk and Compliance programs running efficiently. An integrated GRC program leads to better-performing organizations.

Templar Shield Energy & Utilities Webinar Series: Leveraging AI for Third-Party Risk Automation in Energy and Utilities with Black Kite and ServiceNow

Our expert speakers provided comprehensive insights on how Energy & Utilities organizations can employ AI to enhance third-party risk automation with a ServiceNow and Black Kite integration on the NOW platform.

Hosted by: Daryl Riley (Sr Manager, Templar Shield)

Featuring our expert panellists:

– Jasen Dill (Manager – GRC/IRM Practice, Templar Shield)
– Candon Bolukbas (CTO & Co-Founder, Black Kite)
– Mitch Blackburn (Global Head of Energy & Utilities Solutions, ServiceNow)

Webinar Recording – Leveraging AI for Third-Party Risk Automation in Energy & Utilities with Black Kite and ServiceNow

Templar Shield BFSI Webinar Series: Leveraging AI for Third-Party Risk in Financial Services with Black Kite and ServiceNow

Our expert speakers provided comprehensive insights on how financial services can employ AI to enhance third-party risk management with a ServiceNow and Black Kite integration on the NOW platform.

Hosted by: Daryl Riley (Sr Manager, Templar Shield)

Featuring our expert panellists:

– Jasen Dill (Manager – GRC/IRM Practice, Templar Shield)
– Candon Bolukbas (CTO & Co-Founder, Black Kite)
– Alan L. Paris (Global Head – Risk and Compliance Architecture – Financial Services, ServiceNow)

Webinar Recording – Leveraging AI for Third-Party Risk in Financial Services with Black Kite and ServiceNow

Third-Party Risk Management Framework

April 11, 2023 | Author: Narayanan Rajendran

Today’s third parties require more access to the data assets of the organizations they do business with and are increasingly working with their own third parties (also known as Nth or fourth parties), multiplying the size and complexity of the third-party network. In fact, in the last four years, legal and compliance leaders have classified 2.5X more third parties as high-risk. Gartner’s study on third-party risk reveals that twice as many compliance leaders identify third-party risk as a top threat. This is because third-party risks have fundamentally changed. Leaders say they have experienced:

More than 4,100 publicly disclosed data breaches occurred in 2022, exposing approximately 22 billion records (reported by Security Magazine). For every third party an organization engages, it must consider the various associated third-party risks, including financial risks, reputation, resiliency, information security, cybersecurity exposures, legal actions or compliance, and performance failures that could ultimately disrupt the organization. Building a comprehensive TPRM framework is increasingly important as organizations outsource more significant portions of their workloads to third-party suppliers.

Introduction to TPRM frameworks:

Third-party risk management (TPRM) frameworks provide organizations with a roadmap to build their TPRM programs based on industry-standard best practices. Frameworks are the foundation of TPRM programs and provide the cornerstone of baseline control requirements for third-party vendors and suppliers.

There is no single approach to developing a TPRM framework, but some commonly used frameworks provide a solid starting point. Frameworks provided by organizations such as the National Institute of Standards and Technology (NIST) and the International Standards Organization (ISO) are a great place to start.

Third-party risk management policies guide organizations in building, applying, managing, and implementing best practices. When implementing a third-party risk management framework, companies must examine the nature of the risk involved and deal with the changing business, regulatory, and legal environments, and their potential impact on the organization’s operation. Effectively utilizing TPRM frameworks will reduce risks to organizations and their customers.

TPRM framework for an organization:

No single framework is likely to provide every organization with every control to comprehensively meet disparate regulatory, risk management, and due diligence objectives and requirements. Many organizations choose to work exclusively with NIST or ISO and draw from multiple frameworks and guidance documents from each of those bodies when developing and maturing their programs.

The following considerations, and how they impact your organization, are important when selecting a TPRM framework. Understanding the organizational risks is the first step in choosing the proper framework for your company. The infographic below illustrates many of the relevant risk categories.

Some vendors or third parties may push back or be reluctant to engage in the assessment of their risk and security posture due to the time and resources sometimes necessary to satisfy it. TPRM isn’t just about ensuring that a partnership does not expose your organization to intolerable risk potential; it is also about rewarding vendors that reduce your organization’s risks through best practices. That’s why it’s important to select the correct TPRM framework and understand its impact on your ecosystem of external vendors.

Aspects to consider when building a TPRM framework:

Understanding the specific business requirements or the risk environment in which the business operates will help an organization build a mature and effective TPRM framework. Shared Assessments, NIST 800-161, and ISO 27036 can provide specific examples of important SCRM (Supply Chain Risk Management) and TPRM controls, while organizations such as ISACA are valuable knowledge sources for practically applied, best-practice third-party risk management processes.

About the Author:

Narayanan Rajendran is a Management Consultant and leads Third-Party Risk Managed Services at Templar Shield. He has 15+ years of progressive experience advising global majors and Fortune 500 companies on Governance, Risk Management, and Compliance initiatives.

Our expert speakers, using the proven methodology of the Federal Financial Institutions Examination Council’s (FFIEC) Cybersecurity Assessment Tool (CAT), provided comprehensive insights and practical guidance on leveraging the NOW Platform to conduct a thorough assessment of your financial institution’s:

– Risk exposure
– Control measures
– Cybersecurity preparedness

Overall, the webinar focuses on how using ServiceNow’s control management module on the NOW platform can help financial institutions manage their cybersecurity controls, improve their cybersecurity posture, and comply with FFIEC guidelines.

Webinar Recording: FFIEC CAT and Controls in ServiceNow