Compliance Officer Track
Audience: GRC analysts, risk officers, compliance managers
Goal: Monitor AI compliance posture and export audit evidence for your regulatory frameworks
Estimated time: ~2 hours across 7 modules
This track is written for the Compliance Officer role. Administrators have the same capabilities and share all content in this track.
Track overview
No coding required. This track is portal-focused. You will not need to write or modify SDK code — that is handled by your development team following the Developer Track.
| Module | Title | Time |
|---|---|---|
| 1 | Understanding governance scores | 15 min |
| 2 | Configuring compliance frameworks | 20 min |
| 3 | Reading the Governance Adoption path | 15 min |
| 4 | Alert rules and anomaly detection | 20 min |
| 5 | Remediation workflows | 15 min |
| 6 | Evidence packs: contents and use | 20 min |
| 7 | Presenting AI compliance evidence to auditors | 15 min |
Module 1 — Understanding governance scores
Goal: Understand what governance scores measure, how they are calculated, and what score thresholds indicate action-required states.
Read:
Key concepts:
- Governance score — composite measure of attribute completeness, schema compliance, and behavioral consistency
- Bronze/Silver/Gold adoption tiers — progression toward full governance coverage
- Inferred vs. declared — how `GovernanceInferredMask` affects score confidence
Self-assessment:
- I can read the overall governance score and explain what it reflects
- I know which applications are at Bronze, Silver, and Gold tiers
- I understand the difference between declared and inferred governance attributes
Module 2 — Configuring compliance frameworks
Goal: Map your regulatory obligations (EU AI Act, SR 11-7, NIST AI RMF, HIPAA, ISO 42001) to your application portfolio in the portal.
Read:
Self-assessment:
- Applicable frameworks are configured for each application
- Control objectives are visible in the Compliance Center per-application view
- I understand which controls are auto-satisfied by telemetry vs. require manual attestation
Module 3 — Reading the Governance Adoption path
Goal: Use the Bronze/Silver/Gold adoption path to guide your development team toward full governance coverage.
Read:
Self-assessment:
- I can identify the specific attribute gaps that are blocking a Bronze→Silver promotion
- I have shared the adoption path view with my development team
- I know the governance score threshold required for each framework’s “ready for audit” state
Module 4 — Alert monitoring and governance notifications
Goal: Monitor governance alerts, acknowledge active violations, and subscribe to the alert notifications relevant to your compliance oversight work.
Read:
Your role in the alerts workflow: Alert rules and notification channels are configured by your Administrator and Governance Engineer. Your job is to act on the activity those rules produce — acknowledge violations that need compliance attention, subscribe to the governance alerts relevant to your frameworks, and use alert history as evidence that violations were handled on time.
What you can do in the Alerts workspace:
- Acknowledge open alerts to signal they are under active investigation
- Subscribe to governance alert notifications under Settings → Notifications → Governance Alerts
- View alert history to verify violations were acknowledged within required SLA windows — this history appears in your evidence exports
- Navigate alert-to-session links to move directly to the session that triggered a violation
Alert types to understand:
- Threshold Alert — fires when a metric crosses a defined boundary (e.g., classification completeness drops below 80%)
- Policy Evaluation — fires when session-level governance properties violate a declared policy
- System Health Policy — detects SDK health degradation that could indicate silent data loss
Self-assessment:
- I can navigate to the Alerts workspace and find alerts for my regulated applications
- I know how to acknowledge an alert and add a resolution note
- I have subscribed to governance alert notifications for each regulated application
- I understand how acknowledged alerts appear in exported compliance evidence
Module 5 — Remediation workflows
Goal: Use the Review Queues and finding capture workflow to document, track, and close compliance findings.
Read:
Self-assessment:
- I can open a finding from a triggered rule and document the remediation action
- I know how to close a finding with an evidence attachment
- I understand how closed findings appear in the Evidence Pack
Module 6 — Evidence packs: contents and use
Goal: Know exactly what is in an Evidence Pack, how to generate one, and how to present it to internal or external auditors.
Read:
Evidence Pack contents:
- Signed PDF report with governance score, control mappings, and anomaly summary
- Machine-readable JSON-LD with linked data for ingestion into GRC tools
- Merkle root + Solana transaction ID for tamper-evidence verification
- Bundled `veriproof-verify` verifier output
Self-assessment:
- I can generate an Evidence Pack for a specific time range and application set
- I have reviewed the control mapping section and verified it matches our declared framework
- I understand how to interpret the tamper-evidence section
Module 7 — Presenting AI compliance evidence to auditors
Goal: Know how to create a time-bounded, scope-bounded auditor share and walk an auditor through the evidence.
Read:
- External auditor access (GuestAuditAccess)
Presenting to auditors checklist:
- Created an auditor guest share with appropriate scope and time boundaries
- Verified that the guest link includes the Evidence Pack + verifier output
- I can explain the blockchain anchoring proof to an auditor who asks “how do we know this data wasn’t modified?”
Request your certificate
Once you have completed all 7 module self-assessments, request your Compliance Officer Track completion certificate. This certificate is valid for 12 months and can be presented as evidence of staff competency training in AI governance audits.