Compliance pillar · Module 1 of 6

Programming fundamentals

Every language has its own syntax, but the underlying concepts are universal. Master these, and learning new languages becomes much easier.

← Back to Developer Fundamentals Training

Controls stack visual kit

Reusable icons and a telemetry-to-audit diagram aligned to our fundamentals and operational guides.

Governance evidence

Use for control statements that cite ISO/IEC 42001 clause 6.3 change management, EU AI Act Articles 62–75, and SOC 2 trust service criteria.

Secure supply chain

Pair with SBOM, provenance, and intake guidance that references SPDX or CycloneDX formats, SLSA Level 3 attestations, and NIST SSDF tasks PS.3/PO.4.

Telemetry & evaluations

Highlight logging of prompts, responses, refusal rates, and safety filters alongside adversarial evaluation suites from NIST AI RMF playbooks or UK AISI guidance.

Assurance & resilience

Use for incident response and assurance artefacts that must meet OMB M-24-10 24-hour notifications, CIRCIA’s 72-hour clocks, and serious-incident duties under the EU AI Act.

Signals Controls Evidence Audit
  • Signals: prompt traces, supplier advisories, and safety filter activations streamed into monitoring.
  • Controls: guardrails, change review, SBOM validation, and access enforcement tied to AI lifecycle gates.
  • Evidence: runbooks that capture artefacts for ISO/IEC 42001 management reviews and SOC 2 narratives.
  • Audit: regulator-facing packets that satisfy EU AI Act post-market monitoring, OMB M-24-10, and CIRCIA timelines.

Audit readiness

Preparing for audits, evidence collection, and remediation planning.

This module covers the key concepts and practical guidance you need to understand audit readiness.

← Previous: Third-party risk Next: Compliance careers →