FlashGenius
SecAI+ CY0-001 · Domain 4 of 4

AI Governance, Risk & Compliance
The frameworks and roles that keep AI accountable

Governance structures and roles, responsible AI principles and key risks, and the compliance frameworks (NIST AI RMF, EU AI Act, ISO/IEC 42001) that tie the whole exam together.

19%
Exam Weight
3
Key Concept Areas
12
Flashcards
8
Quiz Questions
๐Ÿ  Hub 1 ยท Basic Concepts 2 ยท Securing AI Systems 3 ยท AI-Assisted Security 4 ยท AI GRC

What Domain 4 Covers

Domain 4 makes up 19% of the SecAI+ exam: the smallest weighting, but it ties everything together. Expect questions on who is responsible for what (governance roles), the principles that responsible AI programs follow, and the major regulations and standards that apply to AI (NIST AI RMF and ISO/IEC 42001 are voluntary frameworks; the EU AI Act is binding law).

Objective A

Governance Structures

Identify the roles, policies, and organizational structures (like an AI Center of Excellence) that govern AI use.

Objective B

Risk & Responsible AI

Recognize responsible AI principles and the key risks: bias, leakage, Shadow AI, IP, and autonomy risks.

Objective C

Compliance Frameworks

Know the major regulations and standards (NIST AI RMF, EU AI Act, ISO/IEC 42001) and corporate policy considerations.

AI Center of Excellence Shadow AI Responsible AI NIST AI RMF EU AI Act ISO/IEC 42001 Data Sovereignty Explainability
💡
How to use this page: Work through the three Key Concepts cards, drill the 12 flashcards, then take the 8-question Knowledge Check.
🧩
Big picture: Domain 4 is the "so what" of the exam. It asks how organizations govern, mitigate risk, and stay compliant for everything covered in Domains 1–3.

Key Concept Areas

Click each card to expand the explanation and study tip.

1. Governance Structures & Roles
AI Center of Excellence (AI CoE)
  • A centralized team/function that sets policies, standards, and best practices for AI adoption across an organization.
Key Roles
  • Data Scientist: builds and evaluates models.
  • AI/ML Engineer: develops and trains ML systems.
  • MLOps Engineer: operationalizes, deploys, and monitors models in production.
  • Platform Architect/Engineer: designs the infrastructure AI systems run on.
  • Security Architect/Engineer: designs and implements security controls for AI systems.
  • AI Governance / Risk / Audit roles: oversee policy compliance, risk assessment, and audits.
  • Data Engineer: builds and maintains data pipelines feeding AI systems.
💡
Study tip: Expect "who is responsible for X" questions. Match each role to its primary function.
2. AI Risks & Responsible AI Principles
Responsible AI Principles
  • Fairness, reliability & safety, transparency, privacy & security, explainability, inclusiveness, accountability, consistency, awareness.
Key Risks
  • Bias introduction: unfair or skewed outputs from training data or design.
  • Accidental leakage: sensitive data unintentionally exposed in model outputs.
  • Reputational loss: damage from AI failures or controversies.
  • Performance risk: models degrading or underperforming over time.
  • IP risk: intellectual property exposure or infringement via AI tools.
  • Autonomous systems risk: risks from systems acting with reduced human oversight.
Shadow IT / Shadow AI
  • Use of AI tools or models that haven't been approved or reviewed by the organization's governance team.
💡
Study tip: Expect at least one Shadow AI question. It's a favorite exam topic.
3. Compliance Frameworks & Corporate Policy
  • EU AI Act: binding EU regulation that classifies AI systems into risk tiers (unacceptable, high, limited, minimal risk) with corresponding legal obligations; unacceptable-risk uses are prohibited, and high-risk systems carry the heaviest requirements.
  • OECD AI Principles and ISO standards, including ISO/IEC 42001: the international standard for AI management systems (an auditable, certifiable management system, analogous to ISO/IEC 27001 for information security).
  • NIST AI Risk Management Framework: a voluntary U.S. framework with four core functions: Govern, Map, Measure, Manage (mnemonic: "GMMM").
  • Corporate policy considerations: sanctioned vs. unsanctioned tools, private vs. public models, governance of sensitive data.
  • Third-party compliance evaluations: assessing vendors before integrating their AI into regulated workflows.
  • Data sovereignty: the principle that data is subject to the laws of the jurisdiction in which it is collected or stored, which in practice often requires that it be stored and processed within specific national borders (data residency).
💡
Study tip: Memorize "Govern, Map, Measure, Manage" for NIST AI RMF. It's a near-guaranteed exam question.

Flashcards

Click a card to flip it. There are 12 terms covering Domain 4's governance, risk, and compliance concepts.

Knowledge Check


SecAI+ CY0-001 · V1

You've covered all 4 domains!

Head back to the study hub for the full exam overview, domain weight breakdown, and links to revisit any section before test day.