Repository of my learning material for the AI Governance Professional certification offered by IAPP, this will include my study notes I capture as I read through the prep book by Joanna M. Valencia: https://www.amazon.co.uk/Artificial-Intelligence-Governance-ProfessionalTM-Comprehensive-ebook/dp/B0FV2WFYTV

• I. Understand What AI Is and Why It Needs Governance (AIGP BoK Section I.A)
  Status: Completed
  Target: 27-Jan-2026

  • A. Generally Accepted Definitions and Types of AI
  • B. Risks and Harms Posed by AI to Individuals, Groups, Organizations, and Society
  • C. Unique Characteristics of AI That Require Strong Governance
  • D. Principles of Responsible AI

• II. Establish and Communicate Organisational Expectations for AI Governance (AIGP BoK Section I.B)
  Status: Completed
  Target: 28-Jan-2026

  • A. Defining Roles and Responsibilities for AI Governance Stakeholders
  • B. Cross-Functional Collaboration
  • C. Training and Awareness for Stakeholders on AI Terminology, Strategy, and Governance
  • D. Tailoring Governance by Organizational Context
  • E. Differentiating Stakeholders in AI Governance: Developers, Deployers, and Users

• III. Establish Policies and Procedures Across the AI Lifecycle (AIGP BoK Section I.C)
  Status: Completed
  Target: 29-Jan-2026

  • A. Policies for Oversight and Accountability Across Lifecycle Stages
  • B. Updating Privacy and Security Policies for AI
  • C. Third-Party Risk Policies

• I. HOW EXISTING DATA PRIVACY LAWS APPLY TO AI (AIGB BOK Section II.A)
  Status: Completed
  Target: 01-Feb-2026

  • A. Notice, Choice/Consent, and Purpose Limitation in AI Contexts
  • B. Data Minimization and Privacy by Design for AI
  • C. Controller Obligations in AI Contexts
  • D. Special / Sensitive Data Requirements

• II. HOW OTHER EXISTING LAWS APPLY TO AI (AIGP BOK Section II.B)
  Status: Completed
  Target: 08-Feb-2026

  • A. Intellectual Property (IP) and AI
  • B. Non-Discrimination and AI
  • C. Consumer Protection and AI
  • D. Product Liability and AI

• III. MAIN ELEMENTS OF THE EU AI ACT (AIGP BOK Section II.C)
  Status: Completed
  Target: 10-Feb-2026

  • A. Risk classification

  • B. Key requirements for high-risk AI systems

  • C. Distinct requirements for general-purpose AI models

  • D. Enforcement framework and penalties

  • E. Role-based differences

• IV. MAIN INDUSTRY STANDARDS AND TOOLS. (AIGP BOK Section II.D)
  Status: Completed
  Target: 12-Feb-2026

  • A. OECD Principles, Framework, Policies, and Recommended Practices for Trustworthy AI

  • B. NIST AI Risk Management Framework & Playbook

  • C. NIST ARIA Program

  • D. ISO Core AI Standards

• I. GOVERN THE DESIGNING AND BUILDING OF THE AI MODEL (AIGP BOK Section III.A)

  Status: Completed
  Target: 01-Mar-2026

  • A. Define Business Context and Use Case
  • B. Perform / Review Impact Assessment
  • C. Identify Applicable Laws
  • D. Apply Policies, Best Practices, and Ethics in Design/Build
  • E. Risk Management in AI Design and Build
  • F. Document the Design/Build Process

• II. GOVERN DATA COLLECTION AND USE FOR TRAINING/TESTING (AIGP BOK Section III.B)

  Status: Completed
  Target: 06-Mar-2026

  • A. Data Governance Requirements
  • B. Data Lineage and Provenance
  • C. Plan and Perform Training & Testing
  • D. Identify and Manage Issues & Risks During Training/Testing
  • E. Document Training/Testing

• III. GOVERN RELEASE, MONITORING, AND MAINTENANCE (AIGP BOK Section III.C)

  Status: Completed
  Target: 11-Mar-2026

  • A. Release Readiness
  • B. Continuous Monitoring; Scheduled Maintenance, Updates, Retraining
  • C. Periodic Assurance
  • D. Incident / Issue / Risk Management & Documentation
  • E. Cross-Functional Collaboration to Analyze Incident Causes
  • F. Public Disclosures for Transparency

• I. EVALUATE FACTORS/RISKS BEFORE DECIDING TO DEPLOY (AIGP BOK Section IV.A)

  Status: Incomplete
  Target: xx-Mar-2026

  • A. Use-Case Context
  • B. Model Type Differences
  • C. Deployment Options

• II. PERFORM KEY ASSESSMENT ACTIVITIES ON THE SELECTED MODEL (AIGP BOK Section IV.B)

  • A. Perform / Review Impact Assessment
  • B. Identify Applicable Laws
  • C. Evaluate Vendor / Open-Source Terms & Risks
  • D. Account for Proprietary-Model Deployment Issues

• III. GOVERN DEPLOYMENT AND OPERATIONAL USE (AIGP BOK Section IV.C)

  • A. Apply Policies, Best Practices, and Ethics to Deployment
  • B. Continuous Monitoring; Scheduled Maintenance, Updates, Retraining
  • C. Periodic Assurance
  • D. Document Incidents, Issues, Risks, and Post-Market Monitoring Plans
  • E. Forecast & Reduce Secondary / Unintended Uses and Downstream Harms
  • F. External Communications Plans
  • G. Deactivate / Localize Controls as Needed

1. Write an AI Risk Assessment for a hypothetical company (or real one)
2. Create System Cards, Model Cards, Risk Matrices (Probability-Severity Matrix), and Version Control Logs (maybe from GIT)
3. Create an AI Governance Policy Template
4. Develop a context specific EU AI Act Compliance Checklist
5. Breakdown what the EU AI Act means for some industry use cases
6. SOP for performing an Algorithmic Impact Assessment
7. Review/Refine my knowledge of the AI Lifecycle (Specifically ML as it relates to neural networks)

References

1. Dr Obi Ogbanufe: https://www.youtube.com/watch?v=e84uUgBv538&t=616s (https://obiogbanufe.com/)
2. NIST AI Risk Management Framework: https://www.nist.gov/artificial-intelligence
3. EU AI Act: https://artificialintelligenceact.eu/ai-act-explorer/
4. OWASP Top 10 for LLMs Applications: https://owasp.org/www-project-top-10-for-large-language-model-applications/