Curated collection of essential frameworks, tools, and learning resources for AI Governance, Risk, and Compliance professionals
- 🌍 Global Regulatory Frameworks
- 🔐 Technical Security Resources
- 💡 Thought Leadership
- 🎓 Learning Pathways
- ⚡ Quick Wins
- 📚 Resources
- 📊 Presentation Materials
- 🤝 Contributing
- 📄 License
Essential standards and regulations for AI governance across jurisdictions.
| Framework | Description | Official Link | Why It Matters for GRC |
|---|---|---|---|
| ISO/IEC 42001:2023 | International standard for AI Management Systems (AIMS) | ISO 42001 | First certifiable AI management system standard; provides auditable controls and governance structure |
| NIST AI RMF | Voluntary framework for managing AI risks throughout the AI lifecycle | NIST AI RMF | US government-backed; maps to existing risk frameworks; practical implementation guidance |
| EU AI Act | Comprehensive AI regulation establishing risk-based requirements | EU AI Act | Mandatory for EU market access; sets global compliance precedent; significant penalties for non-compliance |
📁 Detailed Summaries: /frameworks
Security-focused frameworks and methodologies for AI systems.
| Resource | Description | Official Link | Why It Matters for GRC |
|---|---|---|---|
| MITRE ATLAS™ | Adversarial threat landscape for AI systems with TTPs | MITRE ATLAS | Threat-informed defense; maps AI-specific attacks; integrates with ATT&CK methodology |
| OWASP AI Security | Comprehensive guide for AI security and privacy | OWASP AI | Vendor-neutral; covers entire AI lifecycle; practical security controls |
| Cloud Security Alliance | AI security guidance and shared responsibility models | CSA AI | Cloud-specific AI risks; shared responsibility clarity; industry benchmarks |
📁 Detailed Summaries: /frameworks
Leading research institutions and organizations advancing AI safety and governance.
| Organization | Focus Area | Link | Key Contributions |
|---|---|---|---|
| Berryville Institute of Machine Learning (BIML) | AI security and machine learning risks | BIML | Architectural Risk Analysis methodology; practical security guidance |
| MIT AI Risk Repository | Comprehensive AI risk taxonomy | MIT AI Risks | Academic rigor; comprehensive risk categorization; research-backed |
| Anthropic | AI safety research and responsible development | Anthropic | Constitutional AI; interpretability research; safety-first approach |
| OpenAI | AI safety and policy research | OpenAI Safety | Alignment research; deployment policies; industry influence |
Structured roadmap for building AI GRC expertise. Our 13+ week program takes you from foundational concepts to advanced implementation.
| Phase | Focus | Duration | Path |
|---|---|---|---|
| 🟢 Foundation | AI fundamentals, ethics, OECD principles | Weeks 1-4 | Foundation Path |
| 🟡 Regulatory | ISO 42001, NIST comparison, EU AI Act | Weeks 5-8 | Regulatory Path |
| 🔵 Technical | MITRE ATLAS, OWASP AI, security tools | Weeks 9-12 | Technical Path |
| 🟣 Advanced | Risk assessments, vendor management, dashboards | Week 13+ | Advanced Path |
📁 Full Learning Paths: /learning-paths
Start your AI GRC journey today with these actionable first steps:
- ✅ Complete AI For Everyone by Andrew Ng (4 hours)
- ✅ Read the NIST AI RMF Executive Summary (30 minutes)
- ✅ Bookmark the EU AI Act Official Portal
- ✅ Explore MITRE ATLAS attack techniques (1 hour)
- Map your organization's AI use cases to risk categories
- Identify which regulatory frameworks apply to your operations
- Complete the Foundation learning path
- Join 2-3 professional communities from our communities list
Comprehensive collections of certifications, courses, tools, and communities.
| Category | Description | Link |
|---|---|---|
| 🏆 Certifications | Professional credentials (IAPP AIGP, ISACA, ISO Lead Auditor) | Certifications |
| 📖 Courses | Online learning (Coursera, MIT, Stanford, SANS) | Courses |
| 🛠️ Tools | Model monitoring, compliance automation, templates | Tools |
| 👥 Communities | Professional networks, Slack groups, conferences | Communities |
📁 All Resources: /resources
Looking for ready-to-use presentation materials? Check out our slide deck resources.
📁 Presentation Guide: /slides
The slides directory contains guidance on creating effective AI GRC presentations, including:
- Executive briefing templates
- Technical deep-dive structures
- Regulatory compliance overviews
- Risk assessment presentations
We welcome contributions from the AI GRC community! Please see our Contributing Guidelines for details on:
- Adding new resources and frameworks
- Updating existing content
- Submitting corrections
- Suggesting improvements
This project is licensed under the MIT License - see the LICENSE file for details.
This resource collection is built on the work of numerous organizations, researchers, and practitioners dedicated to responsible AI development and governance.