Governance pillar · Module 1 of 6

Programming fundamentals

Every language has its own syntax, but the underlying concepts are universal. Master these, and learning new languages becomes much easier.

Controls stack visual kit

Reusable icons and a telemetry-to-audit diagram aligned to our fundamentals and operational guides.

Governance evidence

Use for control statements that cite ISO/IEC 42001 clause 6.3 change management, EU AI Act Articles 62–75, and SOC 2 trust service criteria.

Secure supply chain

Pair with SBOM, provenance, and intake guidance that references SPDX or CycloneDX formats, SLSA Level 3 attestations, and NIST SSDF tasks PS.3/PO.4.

Telemetry & evaluations

Highlight logging of prompts, responses, refusal rates, and safety filters alongside adversarial evaluation suites from NIST AI RMF playbooks or UK AISI guidance.

Assurance & resilience

Use for incident response and assurance artefacts that must meet OMB M-24-10 24-hour notifications, CIRCIA’s 72-hour clocks, and serious-incident duties under the EU AI Act.

Telemetry-to-audit diagram: Signals, Controls, Evidence, Audit
  • Signals: prompt traces, supplier advisories, and safety filter activations streamed into monitoring.
  • Controls: guardrails, change review, SBOM validation, and access enforcement tied to AI lifecycle gates.
  • Evidence: runbooks that capture artefacts for ISO/IEC 42001 management reviews and SOC 2 narratives.
  • Audit: regulator-facing packets that satisfy EU AI Act post-market monitoring, OMB M-24-10, and CIRCIA timelines.

What is governance?

Governance fundamentals, corporate governance, and IT governance. Setting the foundation.

This module covers the key concepts and practical guidance you need to understand what governance is.