Governance evidence
Use for control statements that cite ISO/IEC 42001 clause 6.3 change management, EU AI Act Articles 62–75, and SOC 2 trust service criteria.
Governance pillar · Module 1 of 6
Programming fundamentals
Every language has its own syntax, but the underlying concepts are universal. Master these, and learning new languages becomes much easier.
Controls stack visual kit
Reusable icons and a telemetry-to-audit diagram aligned to our fundamentals and operational guides.
Secure supply chain
Pair with SBOM, provenance, and intake guidance that references SPDX or CycloneDX formats, SLSA Level 3 attestations, and NIST SSDF tasks PS.3/PO.4.
Telemetry & evaluations
Highlight logging of prompts, responses, refusal rates, and safety filters alongside adversarial evaluation suites from NIST AI RMF playbooks or UK AISI guidance.
Assurance & resilience
Use for incident response and assurance artefacts that must meet OMB M-24-10 24-hour notifications, CIRCIA’s 72-hour clocks, and serious-incident duties under the EU AI Act.
Signals
Controls
Evidence
Audit
- Signals: prompt traces, supplier advisories, and safety filter activations streamed into monitoring.
- Controls: guardrails, change review, SBOM validation, and access enforcement tied to AI lifecycle gates.
- Evidence: runbooks that capture artefacts for ISO/IEC 42001 management reviews and SOC 2 narratives.
- Audit: regulator-facing packets that satisfy EU AI Act post-market monitoring, OMB M-24-10, and CIRCIA timelines.
Audit and assurance
Internal audit, external audit, and continuous assurance. Evidence-based governance.
This module covers the key concepts and practical guidance you need to understand audit and assurance.