AI Governance 101 — the full syllabus.
The complete curriculum is published openly so you know exactly what you get before you enroll. Your subscription unlocks all five persona tracks, all 19 modules, the Socratic tutor, and the certification exam.
19 modules · one corpus
- M1 — What AI Governance Is (and Is Not)
- M2 — Due Care & Due Diligence
- M3 — Shadow AI & the Four-Layer Surface
- M4 — Why Now: Regulatory Clock
- M5 — Why Now: Threat Clock
- M6 — Stakeholder Map & RACI
- M7 — The AIMS (ISO 42001 in Plain English)
- M8 — The Artifacts
- M9 — Framework Deep-Dive I (US)
- M10 — Framework Deep-Dive II (EU/Intl)
- M11 — The Tooling Landscape & Tool/MCP Supply Chain
- M12 — Agentic AI Governance
- M13 — Agent Identity, Access & Delegation
- M14 — Agentic Threat Taxonomy
- M15 — Evals, Red-Teaming & Deployment Gates
- M16 — Effective Human Oversight
- M17 — Agent Incident Response & Observability
- M18 — Operating Rhythm & 90-Day Plan
- M19 — Consequences, Scenarios & Capstone Tabletop
Five persona tracks
Governance as an oversight duty — what the board must decide, ask, and document, including agent identity and the delegation liability agents introduce, and the artifact you sign.
The complete program — every module, from shadow-AI discovery through agent identity, the agentic threat taxonomy, evals, incident response, and the operating rhythm.
Build and run it — the tooling and MCP supply chain, agent identity and delegation, the threat taxonomy, evals and deployment gates, and incident response.
Obligations and evidence — the regulatory clock, the frameworks, agent identity and 'on whose authority', disclosure and incident response, and the records that make your compliance defensible.
The essentials, fast — shadow-AI and the shadow-agentic surface (browser agents, personal assistants), the artifacts that matter, and effective human oversight of AI.
Frequently asked questions
- What is AI Governance 101 certification?
- AI Governance 101 is a training and certification program across 19 modules and 5 persona tracks. You learn the governance concepts, then take a timed, deterministic exam; passing at 80% earns a third-party-verifiable credential. It is a knowledge certification via examination — not an identity-proofed, proctored credential.
- How long does each persona track take?
- Board & CEO is about 55–75 minutes and Employee Essentials 25–35 minutes; CTO/CIO/IT and Legal/Compliance are about 3–3.5 hours; and the CISO / Security Leader track covers all 19 modules in about 5–6 hours.
- What is on the AI governance certification exam?
- Each track has a proportionally sized exam: 30 questions for Board, 25 for Employee, 40 for Legal, 45 for CTO, and 70 for CISO. All require 80% to pass; 92% earns Pass with Distinction. Scoring is deterministic — no AI grades it.
- Is the credential verifiable by a third party?
- Yes. Each credential has a public verification URL, is tamper-evident via a SHA-256 hash, and is valid for three years — the same verification pattern SanctumShield uses for its governance artifacts.
- Does the course cover the EU AI Act and Colorado SB 26-189?
- Yes. The regulatory modules cover the EU AI Act (including Article 14 effective human oversight), the Colorado AI Act (SB 26-189), and US frameworks, in plain English, clause by clause.
- What is agentic AI governance?
- Governing AI that acts autonomously — holding credentials, calling tools, and invoking other agents — not just answering. The Academy devotes its M12–M17 block to it: agent identity, the threat taxonomy, evals and deployment gates, human oversight, and incident response.
- What does the course cost?
- Four plans, all with the same curriculum: Individual $29/month for one learner (1,000 AI-tutor messages/month); Pro $59/month for high-volume learners (2,500 messages); Team $199/month for up to 10 seats (600 messages per seat); and Team Pro $499/month for up to 10 high-volume seats (1,500 messages per seat). Every plan includes all five persona tracks, the tutor, and certification; reading, warm-up quizzes, and exams are unmetered. Month-to-month, cancel anytime.
- How are the exam questions scored?
- Deterministically — no AI grades it. Single-answer questions are exact-match. On “select all that apply” questions, scoring is all-or-nothing: you earn the mark only if you select every correct option and no incorrect ones, which keeps scoring unambiguous. Item and option order are randomized on every attempt, and 80% passes (92% earns Pass with Distinction).
- How is this different from the SanctumShield Coach?
- The Coach answers questions about using SanctumShield's audits and deliverables. The Academy trains, tests, and certifies — it teaches the governance curriculum and issues a verifiable credential.
- Does the exam use AI grading?
- No. The certification exam is scored deterministically by exact-match logic. The AI tutor teaches and quizzes, but it never grades or awards a score.
- When does the credential expire?
- Three years from issue, or earlier if a major regulatory content change warrants recertification — which operationalizes Due Diligence on the credential itself.
The artifacts you study here — the AI Acceptable Use Policy, the Board Memo, and the Executive Risk Report — are the same ones auditors, boards, and insurers ask for. SanctumShield is the platform that generates and manages them: run an AI audit and assessment, produce a board-ready AUP, and get a third-party-verifiable governance artifact in minutes. See the SanctumShield platform →